Business + Partners

Unexpected Side Effects: How COVID-19 Affected our Click Habits

Phishing has been around for ages and continues to be one of the most common threats that businesses and home users face today. But it’s not like we haven’t all been hearing about the dangers of phishing for years. So why do people still click? That’s what we wanted...

Key Considerations When Selecting a Web Classification Vendor

Since launching our web classification service in 2006, we’ve seen tremendous interest in our threat and web classification services, along with an evolution of the types and sizes of cybersecurity vendors and service providers looking to integrate this type of...

4 Ways MSPs Can Fine-Tune Their Cybersecurity Go-To-Market Strategy

Today’s work-from-home environment has created an abundance of opportunities for offering new cybersecurity services in addition to your existing business. With cyberattacks increasing in frequency and sophistication, business owners and managers need protection now...

Ransomware: The Bread and Butter of Cybercriminals

Imagine a thief walks into your home and rummages through your personal belongings. But instead of stealing them, he locks all your valuables into a safe and forces you to pay a ransom for the key to unlock the safe. What choice do you have? Substitute your digital...

The Nastiest Malware of 2020

Reading Time: ~ 4 min.

For the third year running, we’ve examined the year’s biggest cyber threats and ranked them to determine which ones are the absolute worst. Somewhat unsurprisingly, phishing and RDP-related breaches remain the top methods we’ve seen cybercriminals using to launch their attacks. Additionally, while new examples of malware and cybercriminal tactics crop up each day, plenty of the same old players, such as ransomware, continue to get upgrades and dominate the scene.

For example, a new trend in ransomware this year is the addition of a data leak/auction website, where criminals will reveal or auction off data they’ve stolen in a ransomware attack if the victim refuses to pay. The threat of data exposure creates a further incentive for victims to pay ransoms, lest they face embarrassing damage to their personal or professional reputations, not to mention hefty fines from privacy-related regulatory bodies like GDPR.

But the main trend we’ll highlight here is that of modularity. Today’s malicious actors have adopted a more modular malware methodology, in which they combine attack methods and mix-and-match tactics to ensure maximum damage and/or financial success.

Here are a few of nastiest characters and a breakdown of how they can work together.

  • Emotet botnet + TrickBot Trojan + Conti/Ryuk ransomware
    There’s a reason Emotet has topped our list for 3 years in a row. Even though it’s not a ransomware payload itself, it’s the botnet that is responsible for the most ransomware infections, making it pretty darn nasty. It’s often seen with TrickBot, Dridex, QakBot, Conti/Ryuk, BitPaymer and REvil.

    Here’s how an attack might start with Emotet and end with ransomware. The botnet is used in a malicious spam campaign. An unwitting employee at a company receives the spam email, accidentally downloads the malicious payload. With its foot in the door, Emotet drops TrickBot, an info-stealing Trojan. TrickBot spreads laterally through the network like a worm, infecting every machine it encounters. It “listens” for login credentials (and steals them), aiming to get domain-level access. From there, attackers can perform recon on the network, disable protections, and drop Conti/Ryuk ransomware at their leisure.
  • Ursnif Trojan + IcedID Trojan + Maze ransomware
    Ursnif, also known as Gozi or Dreambot, is a banking Trojan that has resurfaced after being mostly dormant for a few years. In an attack featuring this troublesome trio, Ursnif might land on a machine via a malicious spam email, botnet, or even TrickBot, and then drop the IcedID Trojan to improve the attackers’ chances of getting the credentials or intel they want. (Interestingly, IcedID has been upgraded to use steganographic payloads. Steganography in malware refers to concealing malicious code inside another file, message, image or video.) Let’s say the Trojans obtain the RDP credentials for the network they’ve infected. In this scenario, the attackers can now sell those credentials to other bad actors and/or deploy ransomware, typically Maze. (Fun fact: Maze is believed to have “pioneered” the data leak/auction website trend.)
  • Dridex/Emotet malspam + Dridex Trojan + BitPaymer/DoppelPaymer ransomware

Like TrickBot, Dridex is another very popular banking/info-stealing Trojan that’s been around for years. When Dridex is in play, it is either dropped via Emotet or its authors’ own malicious spam campaign. Also like TrickBot, Dridex spreads laterally, listens for credentials, and typically deploys ransomware like BitPaymer/DoppelPaymer.

As you can see, there are a variety of ways the attacks can be carried out, but the end goal is the more or less the same. The diverse means just help ensure the likelihood of success.

The characters mentioned above are, by no means, the only names on our list. Here are some of the other notable contenders for Nastiest Malware.

  • Sodinokibi/REvil/GandCrab ransomware – all iterations of the same ransomware, this ransomware as a service (RaaS) payload is available for anyone to use, as long as the authors get a cut of any successful ransoms.
  • CrySiS/Dharma/Phobos ransomware – also RaaS payloads, these are almost exclusively deployed using compromised RDP credentials that are either brute-forced or easily guessed.
  • Valak – a potent multi-functional malware distribution tool. Not only does it commonly distribute nasty malware such as IcedID and Ursnif, but it also has information stealing functionalities built directly into the initial infection.
  • QakBot – an info-stealing Trojan often dropped by Emotet or its own malspam campaigns with links to compromised websites. It’s similar to TrickBot and Dridex and may be paired with ProLock ransomware.

Combine protections to combat combined attacks.

If businesses want to stay safe, they need to implement multiple layers of protection against these types of layered attacks. Here are some tips from our experts.

  • Lock down RDP. Security analyst Tyler Moffitt says unsecured RDP has risen over 40% since the COVID-19 pandemic began because more businesses are enabling their workforce to work remotely. Unfortunately, many are not doing so securely. He recommends businesses use RDP solutions that encrypt the data and use multi-factor authentication to increase security when remoting into other machines.
  • Educate end users about phishing. Principal product manager Phil Karcher points out that many of the attack scenarios listed above could be prevented with stronger phishing/spam awareness among end users. He recommends running regular security training and phishing simulations with useful feedback. He also says it’s critical that employees know when and how to report a suspicious message.
  • Install reputable cybersecurity software. Security intelligence director Grayson Milbourne can’t stress enough the importance of choosing a solution that uses real-time threat intelligence and offers multi-layered shielding to detect and prevent multiple kinds of attacks at different attack stages.
  • Set up a strong backup and disaster recovery plan. VP of product management Jamie Zajac says that, particularly with a mostly or entirely remote workforce, businesses can’t afford not to have a strong backup. She strongly recommends regular backup testing and setting alerts and regular reporting so admins can easily see if something’s amiss.

Discover more about the 2020’s Nastiest Malware on the Webroot Community.

What DoH Can Really Do

Reading Time: ~ 3 min.

Fine-tuning privacy for any preference

A DNS filtering service that accommodates DNS over HTTPS (DoH) can strengthen an organization’s ability to control network traffic and turn away threats. DoH can offer businesses far greater control and flexibility over their privacy than the old system.

The most visible use of DNS is typically the browser, which is why all the usual suspects are leading the charge in terms of DoH adoption. This movement has considerable steam behind it and has extended beyond just applications as Microsoft, Apple and Google have all announced their intent to support DoH.

Encrypting DNS requests is an indisputable win for privacy-minded consumers looking to prevent their ISPs from snooping on and monetizing their browsing habits. Businesses, on the other hand, should not easily surrender this visibility since managing these requests adds value, helping to keep users from navigating to sites known to host malware and other threats.

Here are three examples of how.

1.  By enhancing DNS logging control

Businesses have varying motivations for tracking online behavior. For persistently troublesome users—those who continuously navigate to risky sites—it’s beneficial to exert some control over their network use or even provide some training on what it takes to stay safe online. It can also be useful in times of problematic productivity dips by helping to tell if users are spending inordinate amounts of time on social media, say.

On the other hand, for CEOs and other strategic business units, tracking online activity can be cause for privacy concerns. Too much detail into the network traffic of a unit tasked with investigating mergers and acquisitions may be unwanted, for example.

“If I’m the CEO of a company, I don’t want people paying attention to where I go on the internet,” says Webroot DNS expert Jonathan Barnett. “I don’t want people to know of potential deals I’m investigating before they become public.”

Logging too much user information can also be problematic from a data privacy perspective. Collecting or storing this information in areas with stricter laws, as in the European Union, can unnecessarily burden organizations with red tape.

“Essentially it exposes businesses to requirements concerning how they’re going to use that data, who has access to it and how long that data is preserved” says Barnett.

By optionally never logging user information and backing off DNS logging except when a request is deemed a security threat, companies maintain both privacy and security.

2. By allowing devices to echo locally

With DoH, visibility of DNS requests is challenging. The cumulative DNS requests made on a network help to enhance its security as tools such as SIEMs and firewalls leverage these requests by controlling access as well as corelating the requests with other logs and occurrences on the network. 

“Let’s say I’m on my network at the office and I make a DNS request,” explains Barnett. “I may want my DNS request to be seen by the network as well as fielded by my DNS filtering service. The network gets value out of DNS. If I see inappropriate DNS requests I can go and address the user or fix the device.”

Continuing to expose these DNS requests through an echo to the local network provides this, while the actual requests are secure and encrypted by the DNS protection agent using DoH. This option achieves the best of both worlds by adding the security of DoH to the security of the local network.

3. By allowing agents to fail open

DNS is instrumental to the functionality of the internet. So, the question is, what do we do when a filtered answer is not available? By failing over to the local network, it’s assured that the internet continues to function. However, there are times when filtering and privacy are more important than connectivity. Being able to choose if DNS requests can leak out to the local network helps you stay in control by choosing which is a priority.

 “Fail open functionality essentially allows admins to make a tradeoff between the protection offered by DNS filtering and the productivity hit that inevitably accompanies a lack of internet access,” says Barnett.

Privacy your way

The encryption of DoH enables options for fine-tuning privacy preferences while preserving the security benefits of DNS filtering. Those that must comply with the needs of privacy-centric users now have control over what is revealed and what is logged, while maintaining the benefits of communicating using DoH.

Click here to read related blogs covering the transition to DNS over HTTPS.

It’s Time to Talk Seriously About Deepfakes and Misinformation

Reading Time: ~ 4 min.

Like many of the technologies we discuss on this blog—think phishing scams or chatbots—deepfakes aren’t necessarily new. They’re just getting a whole lot better. And that has scary implications for both private citizens and businesses alike.

The term “deepfakes,” coined by a Reddit user in 2017, was initially most often associated with pornography. A once highly trafficked and now banned subreddit was largely responsible for developing deepfakes into easily created and highly believable adult videos.

“This is no longer rocket science,” an AI researcher told Vice’s Motherboard in an early story on the problem of AI-assisted deepfakes being used to splice celebrities into pornographic videos.

The increasing ease with which deepfakes can be created also troubles Kelvin Murray, a senior threat researcher at Webroot.

“The advancements in getting machines to recognize and mimic faces, voices, accents, speech patterns and even music are accelerating at an alarming rate,” he says. “Deepfakes started out as a subreddit, but now there are tools that allow you to manipulate faces available right there on your smartphone.”

While creating deepfakes used to require good hardware and a sophisticated skillset, app stores are now overflowing with options creating them. In terms of technology, they’re simply a specific application of machine learning technology, says Murray.

“The basics of any AI system is that if you throw enough information at it, itcan pick it up. It can mimic it. So, if you give it enough video, it can mimic a person’s face. If you give it enough recordings of a person, it can mimic that person’s voice.”

There are several ways deepfakes threaten to redefine the way we live and conduct business online.

Deepfakes as a threat to privacy

A stolen credit card can be cancelled. A stolen identity, especially when it’s a mimicked personal attribute, is much more difficult to recover. The hack of a firm dedicated to developing facial recognition technology, for instance, could be a devastating source of deepfakes.

“So many apps, sites and platforms host so many videos and recordings today. What happens when they get hacked? Will the breach of a social media platform allow a hacker to impersonate you,” asks Murray.

Businesses must be especially careful about the data they collect from customers or users, asking both if it’s necessary to collect and if it can be stored safely afterwards. If personal data must be collected, security must be a top priority, and not only for ethical reasons. Governments are starting to enact some strict regulations and doling out some stiff fines for data breaches.

Ultimately, Murray thinks those governments may need to weigh in more heavily on the threat of deepfakes as they become even more indistinguishable from reality.

“We’re not going to stop this technology. It’s here. But people need to have the discussion about where we’re heading. In the same way GDPR was created to protect people’s data, we’re going to need to have a similar conversation about deepfakes leading to a different kind of identity theft.”

Deepfakes as a cybersecurity threat to businesses

It’s important to note the ways in which deepfakes can be used to target businesses, not just to spoof individuals.

“These business-related instances aren’t too common yet,” says Murray. “But we’re at the beginning of a wave right now in terms of AI-enabled threats against businesses.

A late 2019 attack against a U.K. energy firm could be a sign of scary things to come. Rather than video, this attack took advantage of voice-spoofing technology to pose as an executive’s manager, insisting he wire nearly $250 thousand to a “supplier” immediately. In the aftermath of the scam, the victim reported being convinced by both the accent and the rhythm of the fake speech pattern.

To safeguard against what could be a rising attack method, Murray recommends businesses understand what deepfakes are capable of and follow best practices for avoiding fraud, no matter the technology.

“Have well-defined protocol for changing account details and signing off on any invoices,” he advises “Train financial and accounting teams especially rigorously on these protocols and encourage them to pick up the phone and double-check when anything seems strange or off. In these days of increased working from home it’s also tougher for financial staff to walk up to other finance or sales colleagues and make informal double checks.”

Deepfakes and misinformation campaigns

Soon after deepfakes went mainstream, implications for politics and the weaponization of misinformation became clear, prompting the U.S. Senate to address the issue in 2018.

While initially used to humiliate or extort people, mostly women, malicious actors began to see them as a way to sway public opinion or sow chaos. Deeptrace, a company dedicated to uncovering deepfakes, has noted instances where manipulated video was used to promote social discord and scandal across the globe.

“Deepfakes further undermine our ability to believe what we read, and now even watch, on the internet,” says Murray. This leads to widespread distrust, especially on issues where understanding is crucial, like the coronavirus pandemic, where misinformation is bountiful.

To combat misinformation, Murray advises to keep in mind how much of it is out there. Always consider the source of the information you’ve received before acting on it, especially if it makes you angry or elicits some other strong emotional response.

Deepfakes will likely make the internet even more difficult to rely on as a source of information in the years to come. But reducing their impact starts with understanding how far they’ve come and what they’re capable of.

To learn more on Deepfakes and misinformation, listen to the podcast.

False Confidence is the Opposite of Cyber Resilience

Reading Time: ~ 4 min.

Have you ever met a person who thinks they know it all? Or maybe you’ve occasionally been that person in your own life? No shame and no shade intended – it’s great (and important) to be confident about your skills. And in cases where you know your stuff, we encourage you to keep using your knowledge to help enhance the lives and experiences of the people around you.

But there’s a big difference between being reasonably confident and having false confidence, as we saw in our recent global survey. Featured in the report COVID-19 Clicks: How Phishing Capitalized on a Global Crisis, the survey data shows that, all over the world, people are pretty confident about their ability to keep themselves and their data safe online. Unfortunately, people are also still getting phished and social engineering tactics aimed at employees are still a major way that cybercriminals successfully breach businesses. These data points strongly suggest that we aren’t all being quite as cyber-safe as we think.

Overconfidence by the Numbers

Approximately 3 in 5 people (59%) worldwide think they know enough to stay safe online.

You may think 59% doesn’t sound high enough to earn the label of “false confidence”. But there were two outliers in our survey who dragged the average down significantly (France and Japan, with only 44% and 26% confidence, respectively). If you only take the average of the five other countries surveyed (the US, UK, Australia/New Zealand, Germany and Italy), it’s a full ten percentage points higher at 69%. UK respondents had the highest level of confidence out of all seven regions surveyed with 75%.

8 in 10 people say they take steps to determine if an email message is malicious.

Yet 3 in 4 open emails and click links from unknown senders.

When so many of us claim to know what to do to stay safe online (and even say we take steps to determine the potential sketchiness of our emails), why are we still getting phished? We asked Dr. Prashanth Rajivan, assistant professor at the University of Washington and expert in human behavior and technology, for his take on the matter. He had two important points to make.

Individualism

According to Dr. Rajivan, it’s important to note that Japan had the lowest level of confidence about their cybersecurity know-how (only 26%), but the survey showed they also had the lowest rate of falling victim to phishing (16%). He pointed out that countries with more individualistic cultures seem to align with countries who ranked themselves highly on their ability to keep themselves and their data safe.

“When people adopt a less individualistic mindset and, instead, perceive themselves to have a greater responsibility to others, their average level of willingness to take risks decreases. This is especially important to note for businesses that want to have a cyber-aware culture.”

– Prashanth Rajivan, Ph.D.

The Dunning-Kruger Effect

Another factor Dr. Rajivan says may contribute to overconfidence in one’s ability to spot phishing attacks might be a psychological phenomenon called the “Dunning-Kruger Effect”. The Dunning-Kruger Effect refers to a cognitive bias in which people who are less skilled at a given task tend to be overconfident in their ability, i.e. we tend to overestimate our capabilities in areas where we are actually less capable.

How These Numbers Affect Businesses

Only 14% of workers feel that a company’s cyber resilience is a responsibility all employees share.

The correlations between overconfidence and individualism may also translate into a mentality that workers are not responsible for their own cybersecurity during work hours. While 63% of workers surveyed agree that a cyber resilience strategy that includes both security tools and employee education should be a top priority for any business, only 14% felt that cyber resilience was a shared responsibility for all employees.

How to Create a Cyber Aware Culture

The short answer: a strong combination of employee training and tools.

The long answer: when asked what would help them feel better prepared to avoid phishing and prevent cyberattacks, workers worldwide agreed that their employers need to invest more heavily in training and education, in addition to strong cybersecurity tools. Dr. Rajivan also agrees, stating that, if employers want to build cybersecurity awareness into their business culture, then they need to invest heavily in their people.

“By creating a feeling of personal investment in the individuals who make up a company, you encourage the employees to return that feeling of investment toward their workplace. That’s a huge part of ensuring that cybersecurity is part of the culture. Additionally, if we want to enable employees to assess risk properly, we need to cut down on uncertainty and blurring of context lines. That means both educating employees and ensuring we take steps to minimize the ways in which work and personal life get intertwined.”

– Prashanth Rajivan, Ph.D.

Additionally, he tells us, “Human behavior is shaped by past experiences, consequences and reinforcement. To see a real change in human behavior related to phishing and online risk-taking habits in general, people need frequent and varied experiences PLUS appropriate feedback that incentivizes good behavior.”

Ultimately, the importance of training can’t be emphasized enough. According to real-world data from customers using Webroot® Security Awareness Training, which provides both training courses and easy-to-run, customizable phishing simulations, consistent training can reduce click rates on phishing scams by up to 86.5%.

It’s clear a little training can go a long way. If you want to increase cyber resilience, you have to minimize dangerous false confidence. And to do that, you need to empower your workforce with the tools and training they need to confidently (and correctly) make strong, secure decisions about what they do and don’t click online.

Learn more about Security Awareness Training programs.

Cyber Resilience for Business Continuity

Reading Time: ~ 2 min.

“Ten years ago, you didn’t see state actors attacking [small businesses]. But it’s happening now,” warns George Anderson, product marketing director at Carbonite + Webroot, OpenText companies.

Sadly, many of today’s managed service providers who serve small and medium-sized businesses now have to concern themselves with these very threats. Independent and state-sponsored hacking groups use sophisticated hacking tools (advanced persistent threats or APTs), to gain unauthorized access to networks and computers, often going undetected for months or even years at a time. In fact, according to the 2020 Verizon Data Breach Investigations Report, cyber-espionage is among the top patterns associated with breaches targeting businesses worldwide.

These attacks can be difficult even for highly sophisticated enterprise security teams to detect, stop or recover from. But all businesses, no matter their size, must be ready for them. As such, MSPs, themselves ranging in size from a few techs to a few hundred professionals, may find they need help protecting their SMB customers from APTs; that’s on top of the consistent onslaught of threats from ordinary, profit-motivated cyberattackers. That’s where the concept of cyber resilience comes in.

What does cyber resilience look like?

“Being [cyber] resilient – knowing that even if you’re knocked offline you can recover quickly – is essential for today’s businesses,” George says.

The reality is that today’s organizations have to accept a breach is pretty much inevitable. Their level of cyber resilience is the measure of the organization’s ability to keep the business running and get back to normal quickly. “It’s being able to absorb punches and get back on your feet, no matter what threatens,” as George put it in a recent podcast with Joe Panettieri, co-founder MSSP Alert & ChannelE2E.

Read more about how businesses can build a cyber resilient company culture.

How can businesses and MSPs achieve cyber resilience?

Because cyber resilience is about both defending against attacks and preparing for their inescapability,  a major component in a strong resilience strategy is the breadth of coverage a business has. In particular, having tested and proven backup and disaster recovery solutions in place is the first step in surviving a breach. If a business has reliable, real-time (or near real-time) recovery capabilities, then in the event of an attack, they could make it through barely skipping a beat.

Now, George has clarified that “no single solution can offer complete immunity against cyberattacks on its own.” To reduce the risk of events like data loss from accidental deletion, device theft or hardware failure, your clients need multiple layers of protection that secure their devices and data from multiple angles. Here are George’s top data protection tips:

Ultimately, George says ensuring business continuity for MSPs and the businesses they serve through comprehensive cyber resilience solutions is the primary goal of the Carbonite + Webroot division of OpenText.

“We want to up the advocacy and stop attacks from happening as much as we possibly can.  At  the  same time, when they inevitably do happen, we want to be able to help MSPs recover and limit lost time, reputation damage, and financial impact so businesses can keep functioning.”

To learn more about cyber resilience, click here.

MSP Insight: Netstar Shares Cyber Resilience Strategies for Remote Work

Reading Time: ~ 5 min.

Guest blog by Mit Patel, Managing Director of London based IT Support company, Netstar.

In this article, Webroot sits down with Mit Patel, Managing Director of London-based MSP partner, Netstar, to discuss the topic of remote work during a pandemic and tips to stay cyber resilient.

Why is it important to be cyber resilient, specifically when working remote?

It’s always important to be cyber resilient, but a lot has changed since the start of the COVID-19 lockdown that needs to be taken into consideration.

Remote work has posed new problems for businesses when it comes to keeping data secure. Since the start of lockdown, there has been a significant increase in phishing scams, ransomware attacks and malicious activity. Scammers now have more time to innovate and are using the widespread anxiety of coronavirus to target vulnerable people and businesses.

Moreover, the sudden shift in working practices makes the pandemic a prime time for cyber-attacks. Employees can no longer lean over to ask a colleague if they are unsure about the legitimacy of an email or web page. Instead, they need to be confident in their ability to spot and avoid potential security breaches without assistance.

Remote work represents a significant change that can’t be ignored when it comes to the security of your business. Instead, businesses need to be extra vigilant and prioritise their cyber resilience.

What does cyber resilience mean to you?

It’s important to differentiate between cyber resilience and cyber security. Cyber security is a component of cyber resilience, referring to the technologies and processes designed to prevent cyber-attacks. Whereas, I believe cyber resilience goes a step further, referring to the ability to prevent, manage and respond to cyber threats. Cyber resilience recognises that breaches can and do happen, finding effective solutions that mean businesses recover quickly and maintain functionality. The main components of cyber resilience include, training, blocking, protecting, backing up and recovering. When all these components are optimised, your cyber resilience will be strong, and your business will be protected and prepared for any potential cyber threats.

Can you share some proactive methods for staying cyber resilient when working remote?

Absolutely. But it’s important to note that no solution is 100% safe and that a layered approach to IT security is necessary to maximise protection and futureproof your business.

Get the right antivirus software. Standard antivirus software often isn’t enough to fully protect against viruses. Businesses need to consider more meticulous and comprehensive methods. One of our clients, a licensed insolvency practitioner, emphasized their need for software that will ensure data is protected and cyber security is maximised. As such, we implemented Webroot SecureAnywhere AnitVirus, receiving excellent client feedback, whereby the client stressed that they can now operate safe in the knowledge that their data is secure.

Protect your network. DNS Protection is a critical layer for your cyber resilience strategy. DNS will protect you against threats such as malicious links, hacked legitimate websites, phishing attacks, CryptoLocker and other ransomware attacks. We have implemented DNS Protection for many of our clients, including an asset management company that wanted to achieve secure networks with remote working capability. In light of the current remote working situation, DNS Protection should be a key consideration for any financial business looking to enhance their cyber resilience.

Ensure that you have a strong password policy. Keeping your passwords safe is fundamental for effective cyber resilience, but it may not be as simple as you think. Start by making sure that you and your team know what constitutes a strong password. At Netstar, we recommend having a password that:

  • Is over 10 characters long
  • Contains a combination of numbers, letters and symbols
  • Is unpredictable with no identifiable words (even if numbers or symbols are substituted for letters)

You should also have different passwords for different logins, so that if your security is compromised for any reason, hackers can only access one platform. To fully optimise your password policy, you need to consider multi-factor authentication. Multi-factor authentication goes a step further than the traditional username-password login. It requires multiple forms of identification in order to access a certain email account, website, CRM etc. This will include at least two of the following:

  • Something you know (e.g. a password)
  • Something you have (e.g. an ID badge)
  • Something you are (e.g. a fingerprint)

Ensure that you have secure tools for communication. Collaboration tools, like Microsoft Teams, are essential for remote working. They allow you to communicate with individuals, within teams and company-wide via audio calls, video calls and chat.

When it comes to cyber resilience, it’s essential that your team know what is expected of them. You should utilise collaboration tools to outline clear remote working guidance to all employees. For example, we would recommend discouraging employees from using personal devices for work purposes. The antivirus software installed on these devices is unlikely to be of the same quality as the software installed on work devices, so it could put your business at risk.

Furthermore, you need to be confident that your employees can recognise and deal with potential security threats without assistance. Individuals can no longer lean across to ask a colleague if they’re unsure of the legitimacy of something. They need to be able to do this alone. Security awareness training is a great solution for this. It will teach your team about the potential breaches to look out for and how to deal with them. This will cover a range of topics including, email phishing, social media scams, remote working risks and much more. Moreover, courses are often added and updated, meaning that your staff will be up to date with the latest scams and cyber threats.

Implement an effective backup and disaster recovery strategy

Even with every preventive measure in place, things can go wrong, and preparing for disaster is crucial for effective cyber resilience.

In fact, a lot of companies that lose data because of an unexpected disaster go out of business within just two years, which is why implementing an effective backup and disaster recovery strategy is a vital layer for your cyber resilience strategy.

First, we advise storing and backing up data using an online cloud-based system. When files are stored on the cloud, they are accessible from any device at any time. This is particularly important for remote working; it means that employees can collaborate on projects and access necessary information quickly and easily. It also means that, if your device is wiped or you lose your data, you can simply log in to your cloud computing platform and access anything you might need. Thus, data can easily be restored, and you’re protected from potential data loss.

Overall, disaster recovery plans should focus on keeping irreplaceable data safe. Consider what would happen to your data in the event of a disaster. If your office burned down, would you be confident that all your data would be protected?

You should be working with an IT support partner that can devise an effective and efficient disaster recovery plan for your business. This should set out realistic expectations for recovery time and align with your insurance policy to protect any loss of income. Their goal should be to get your business back up and running as quickly as possible, and to a high standard (you don’t want an IT support partner that cuts corners). Lastly, your IT support provider should regularly test your strategy, making sure that if disaster did occur, they could quickly and effectively restore the functionality of your business.

What else should fellow MSPs keep in mind during this trying time?

In the last four years, cyber resilience has become increasingly important; there are so many more threats out there, and so much valuable information that needs protecting.

We have happy clients because their machines run quickly, they experience less IT downtime, and they rarely encounter viruses or malicious activity. We know that we need to fix customers’ problems quickly, while also ensuring that problems don’t happen in the first place. Innovation is incredibly important to us, which is why we’ve placed a real focus on proactive client advisory over the last 24 months.

That’s where a strong cyber resilience strategy comes into play. MSPs need to be able to manage day-to-day IT queries, while also focusing on how technology can help their clients grow and succeed in the future.There is plenty of advice around the nuts and bolts of IT but it’s the advisory that gives clients the most value. As such, MSPs should ensure they think like a customer and make technological suggestions that facilitate overall business success for their clients.

Unexpected Side Effects: How COVID-19 Affected our Click Habits

Reading Time: ~ 4 min.

Phishing has been around for ages and continues to be one of the most common threats that businesses and home users face today. But it’s not like we haven’t all been hearing about the dangers of phishing for years. So why do people still click?

That’s what we wanted to find out when we conducted our most recent survey. We checked in with thousands of office workers across seven different countries to get a global perspective on phishing and people’s individual click habits. Then we partnered with Dr. Prashanth Rajivan, assistant professor at the University of Washington, to gain a deeper understanding of phishing and those habits, as well as how things have shifted during COVID-19 in our new report: COVID-19 Clicks: How Phishing Capitalized on a Global Crisis.

In this blog post, we’ve summarized this comprehensive report and included tips for how to stay safe, but we strongly encourage you to check out the full writeup.

Why do people still click?

3 in 10 people worldwide clicked a phishing link in the past year. Among Americans, it’s 1 in 3.

According to Dr. Rajivan, what we need to consider is that human beings aren’t necessarily good at dealing with uncertainty, which is part of why cybercriminals capitalize on upheaval (such as a global pandemic) to launch attacks.

“People aren’t great at handling uncertainty. Even those of us who know we shouldn’t click on emails from unknown senders may feel uncertain and click anyway. That’s because we’ve likely all clicked these kinds of emails in the past and gotten a positive reward. The probability of long-term risk vs. short-term reward, coupled with uncertainty, is a recipe for poor decision-making, or, in this case, clicking what you shouldn’t.”

– Prashanth Rajivan, Ph.D.

Tip # 1

  • For businesses: Ensure workers have clear distinctions between work and personal time, devices, and obligations. This helps reduce the amount of uncertainty that can ultimately lead to phishing-related breaches.
  • For individuals: Hackers often exploit security holes in older software versions and operating systems. Update software and systems regularly to help shut the door on malware.

Has phishing increased since COVID-19 began

At least one in five people have received a phishing email related to COVID-19.

There’s no doubt that the global COVID-19 pandemic has changed a lot about how we live and work. According to our survey, 54% of workers spend more time working from home than they did before the pandemic. With more people connecting to the internet outside of corporate networks and away from the watchful eyes of IT teams, it’s to be expected that cybercriminals would take advantage.

“[We’ve seen] massive spikes […] in phishing URLs targeting COVID-related topics. For example, with more people spending time at home, use of streaming services has gone up. In March alone, we saw a 3000% increase in phishing URLs with ‘youtube’ in the name.

– Grayson Milbourne, security intelligence director, Carbonite + Webroot, OpenText Companies

Regardless, the majority of people surveyed still think they are at least the same level of prepared or more prepared to spot phishing email attempts, now that they’ve spent more time working from home

“People are taking increased physical safety measures in the pandemic, including mask wearing, social distancing, more frequent hand-washing, etc. I think this heightened level of precaution and awareness could cause people to slightly overestimate their overall safety, including their safety regarding online threats.”

– Prashanth Rajivan, Ph.D.

Tip #2

  • For businesses: Know your risk factors and over prepare. Once you’ve assessed the risks, you can create a stronger data breach response plan.
  • For individuals: Stay on your toes. By being vigilant and maintaining a healthy dose of suspicion about all links and attachments in messages, you can significantly decrease your phishing risk.

People say they know better. Do they really?

81% of people say they take steps to determine if an email message is malicious. Yet 76% open emails and click links from unknown senders.

When we asked Dr. Rajivan why these numbers don’t line up, he said the difference is between knowing what you should do and actually doing it

“There are huge differences between knowing what to do and actually operationalizing that knowledge in appropriate scenarios. I suspect many people don’t really take the actions they reported, at least not on a regular basis, when they receive suspicious emails.”

– Prashanth Rajivan, Ph.D.

Tip #3

  • For businesses: Back up data and ensure employees can access and retrieve data no matter where they are. Accidents happen; what matters most is being able to recover quickly and effectively. Don’t forget to back up collaboration tools too, such as Microsoft® Teams and the Microsoft® 365 suite.
  • For individuals: Make sure important data and files are backed up to secure cloud storage or an external hard drive. In the case of a hard drive, make sure it’s only connected while backing up, so you don’t risk backing up infected or encrypted files. If it’s a cloud back up, use the kind that lets you to restore to a specific file version or point in time.

What’s the way forward?

All over the world, workers say that in order to be better prepared to handle cyberattacks, they need more education.

According to global respondents, more knowledge and better understanding is key for stronger cyber resilience. The top three things people everywhere said would help them better prepare themselves to handle cyber threats like phishing were: knowing which tools could help prevent an attack, knowing what to do if you fall victim to an attack, and understanding the most common types of attacks.

Dr. Rajivan points out that, if businesses are asking individuals to make changes to their own behavior for the greater safety of all, then they need to make it clear they are willing to invest in their people.

“By creating a feeling of personal investment in the individuals who make up a company, you encourage the employees to return that feeling of investment toward their workplace. That’s a huge part of ensuring that cybersecurity is part of the culture. Additionally, if we want to enable employees to assess risk properly, we need to cut down on uncertainty and blurring of context lines. That means both educating employees and ensuring we take steps to minimize the ways in which work and personal life get intertwined.”

– Prashanth Rajivan, Ph.D.

Tip #4

  • For businesses: Invest in your people. Empower your people with regular training to help them successfully avoid scams and exercise appropriate caution online.
  • For individuals: Educate yourself. Even if your company provides training, Dr. Rajivan recommends we all subscribe to cybersecurity-related content in the form of podcasts, social media, blogs, and reputable information sources to help keep strong, cyber resilient behavior top-of-mind.

Want more details on click habits and shifting risks during COVID-19?
Read our full report, COVID-19 Clicks: How Phishing Capitalized on a Global Crisis, to start building out your cybersecurity education today. And be sure to check back here on the Webroot blog for the latest in news in phishing prevention.          

Key Considerations When Selecting a Web Classification Vendor

Reading Time: ~ 4 min.

Since launching our web classification service in 2006, we’ve seen tremendous interest in our threat and web classification services, along with an evolution of the types and sizes of cybersecurity vendors and service providers looking to integrate this type of curated data into their product or service. Over the years, we’ve had the good fortune to work with partners of all sizes, from global networking and security vendors to innovative and dynamic start-ups across the world.

With the end-of-life of Broadcom’s Symantec RuleSpace OEM Web Classification service, we’ve received numerous inquiries from their former customers evaluating alternative solutions. Here we’ll outline the things to consider in a replacement. For more on why Webroot is poised to fill the gap left by the Broadcom, you can read the complete whitepaper here.

Your use case: how well does it align with the vendor?

Each use case is unique. Every vendor or service provider brings its own benefit to market and has its own idea about how their service or solution adds value for customers, clients or prospects. That’s why our adaptive business model focuses on consulting with partners on technical implementation options, spending the time to understand each business and how it may benefit from a well-architected integration of classification and/or intelligence services.

Longevity and track record

A key factor influencing change on the internet is innovation. Every service provider is continuously enhancing and improving its services to keep pace with changes in the threat landscape, and with general changes to the internet itself. As well as keeping up with this change, it’s important that a vendor brings a historical perspective to the partnership. This experience will come in handy in many ways. Scalability, reliability and overall business resilience should be expected from a well-established vendor.

Industry recognition

Fair comparative evaluations of web classification and threat intelligence providers are difficult to achieve. We can offer guidance to prospective partners, but it’s often more reassuring to simply see the strong partner relationships we have today. Many of these we’ve worked with for well over a decade. When evaluating a vendor, we recommend looking closely at current partners and imagining the investments each have made in their integrated solutions. This speaks volumes about integration performance and the quality of the partnership.

Technology platform

A classification or threat dataset is only as good its sources and the analytics used to parse it. Many companies offer classification and/or threat intelligence data, but the quality of that data varies significantly.

Threat Intelligence Capabilities

Not all our partners’ use cases require threat intelligence, but for those that do it’s critical they understand where their threat data comes from. There are now a great many sources of threat data, but again these are far from equal. Worse still, comparing source is often no simple task.

Ease of integration

As mentioned, every use case is unique. So are the platforms into which web classification, malware detection and threat intelligence services are integrated. It’s therefore crucial that a vendor provide flexible integration options to accommodate any pioneering partner, service provider or systems integrator. Simply providing data via an API is useful, but will it always deliver the performance required for real-time applications?  Delivering a local database of threats or classifications may help with performance, but what about new threats? Achieving a balance of flexible delivery, performance and security is crucial, so take time to discuss with potential vendors how they plan to deliver.

Phishing detection

Phishing sites are some of the most dynamic and short-lived attack platforms on the web, so intelligence sources must be capable of detecting and tracking them in real-time. Most phishing intelligence sources depend on manual submissions of phishing sites by end users. This is far from ideal. Users are prone to error, and for every 10,000 users who click on a phishing site only one will report it to an authority or tracking service, leading to massive under-reporting of this threat vector.

Category coverage: beware category overload

There are various approaches to classifying the web and different vendors specialize in different areas. In many cases, this is determined by the data sources they have access to or the markets in which they operate. Again, it’s important to evaluate the partners to whom the vendor is delivering services and to consider how the vendor may or may not add value to the partnership. 

Efficacy and performance

Efficacy is fundamental to web classification or threat detection capabilities, so it should be a core criterion when evaluating a vendor. Depending on the use case, false positives or false negatives may be the primary concern when making determinations. Potential vendors should be evaluated for performance in these areas and asked how they approach continuous improvement.

Reliability

Building any third-party service or solution into a product, platform or service entails risk. There’s always the chance the new dependency negatively affects the performance or user experience of a service. So it’s importance to ensure a vendor can reliably deliver consistent performance. Examine each’s track record and customers base, along with the use cases they’ve previously implemented. Do the vendor’s claims match the available evidence? Can current customers be contacted about their experiences with the vendor?

Scalability

In assessing vendors, it can be difficult to determine the level of scalability possible with their platform. It helps to ask questions about how they build and operate their services and looking for examples where they’ve responded to unexpected growth events that can help demonstrate the scaling capabilities of their platform. Be wary of smaller or upstart vendors that may have difficulty when their platform is heavily loaded or when called upon to grow faster than their existing implementation allows.

Flexibility

Some solutions may look technically sound, easily accessible and well-documented while a mutually agreeable business model remains elusive. Conversely, an agreeable business model may not be backed by the efficacy or quality of service that desired from a chosen vendor.

Feedback loops: making the best better

We’re often approached by contacts asking us for a “feed” of some kind. It may be a feed of threat data, malware information or classifications. In fact, many of our competitors simply push data for customers or partners to consume as their “product.” But this approach has inherent weaknesses.

Partnership: not just a customer relationship

As mentioned, we seek to build strong partnerships with mutual long-term benefit. Look for this approach when considering a vendor, knowing you’ll likely be working with them for a long time and fewer changes to your vendor lineup mean more time optimizing your products and services. Ask yourself: Who will we be working with? Do we trust them? How easy are they to get ahold of? These are critical considerations when selecting a vendor for your business.

Summary

We hope to have provided some food for thought when it comes to selecting an integration partner. To read the full whitepaper version of this blog, please click here. We’re always standing by to discuss prospective clients’ needs and to provide any possible guidance regarding our services. We’re here to help you craft the best possible solutions and services. Please contact us to take the next step towards an even more successful

4 Ways MSPs Can Fine-Tune Their Cybersecurity Go-To-Market Strategy

Reading Time: ~ 4 min.

Today’s work-from-home environment has created an abundance of opportunities for offering new cybersecurity services in addition to your existing business. With cyberattacks increasing in frequency and sophistication, business owners and managers need protection now more than ever.

MSPs are ideally positioned to deliver the solutions businesses need in order to adapt to the current environment. In this post, we’ll briefly summarize four ways to fine-tune your cybersecurity GTM strategy for capitalizing on the shifting demands of today’s market.

1. Build an Offering That Aligns with Your Customer’s Level of Cyber Resilience

A cybersecurity GTM strategy is not a one-size-fits-all proposition. Each customer has unique needs. Some operate with higher levels of remote workers than others. Some may have more sensitive data than others. And some will have lower tolerances to the financial impact of a data breach than others. So, understand the current state of your customer’s ability to adequately protect against, prevent, detect and respond to modern cyberthreats, and then focus on what aspects of cybersecurity are important to them.

2.  Leverage Multi-Layered Security

Today’s businesses need a cybersecurity strategy that defends against the methods and vectors of attack employed by today’s cybercriminals. This includes highly deceptive and effective tactics like Ransomware, phishing and business email compromise (BEC). These methods require a layered approach, where each layer addresses a different vulnerability within the larger network topology:

  • Perimeter – This is the logical edge of your customer’s network where potentially malicious data may enter or exit. Endpoints (wherever they reside), network connectivity points, as well as email and web traffic all represent areas that may need to be secured.
  • User – The employee plays a role when they interact with potentially malicious content. They can either be an unwitting victim or actually play a role in stopping attacks. This makes it necessary to address the user as part of your GTM strategy.
  • Endpoint – Consider the entire range of networked devices, including corporate and personal devices, laptops, tablets and mobile phones. Every endpoint needs to be protected.
  • Identity – Ensuring the person using a credential is the credential owner is another way to keep customers secure. 
  • Privilege – Limiting elevated access to corporate resources helps reduce the threat surface.
  • Applications – These are used to access information and valuable data. So, monitoring their use by those with more sensitive access is critical.
  • Data – inevitably, it’s the data that is the target. Monitoring who accesses what provides additional visibility into whether an environment is secure.

For each layer, there’s a specific tactic or vector that can form the basis of an attack, as well as specific solutions that address vulnerabilities at that layer.

3. Determine the Right Pricing Model

Pricing can make or break a managed service. Too high and the customer is turned off. Too low and there’s not enough perceived value. Pricing is the Goldilocks of the MSP world. It needs to be just right.

Unlike most of your other services, cybersecurity is a constantly moving target, which can make pricing a challenge. After all, a predictable service offering equates to a profitable one. The unpredictability of trying to keep your customers secure can therefore impact profitability. So, it’s imperative that you get pricing correct. Your pricing model needs to address a few things:

  • It needs to be easy to understand – Like your other services, pricing should be straightforward.
  • It should demonstrate value – The customer needs to see how the service justifies the expense.
  • It needs to focus on protection – Because you have no ability to guess the scope and frequency of attacks, it’s important to keep the services centered around preventive measures.
  • Consider all your costs – Cost is always a factor for profitability. As you determine pricing, keep every cost factor in mind.

4. Rethink How You Engage Prospects

Assuming you’re going to be looking for new customers with this service offering (in addition to selling it to existing customers), it’s important to think about how to engage prospects. The days of cold outreach are long gone as 90% of buyers don’t respond to cold calls3. Instead, today’s buyer is looking to establish connections with those they believe can assist their business. Social media sites have become the primary vehicle for a number of aspects of the buyer’s journey:

Build a Cybersecurity GTM Strategy that Works

The biggest challenge with bringing a cybersecurity service to market is meeting the expectations of the prospective customer. Demonstrate value from the very first touch through social media engagement and content. Meet their unique needs with comprehensive solutions that address all their security vulnerabilities. And finally, make sure your pricing is simple, straightforward and easy to understand.

Ransomware: The Bread and Butter of Cybercriminals

Reading Time: ~ 4 min.

Imagine a thief walks into your home and rummages through your personal belongings. But instead of stealing them, he locks all your valuables into a safe and forces you to pay a ransom for the key to unlock the safe. What choice do you have?

Substitute your digital space for your home and encryption for the safe and you have what’s known as ransomware. Ransomware is a type of malware. After the initial infection, your files are encrypted, and a note appears demanding payment, which is usually in the form of cryptocurrency such as bitcoin because transactions can’t be stopped or reversed. Once your files are encrypted, you can’t access them until you pay the ransom.

The roots of ransomware can be traced back to 1989. The virus, known as PS Cyborg, was spread through diskettes given to attendees of a World Health Organization International AIDS conference. Victims of PS Cyborg were to mail $189 to a P.O. box in Panama to restore access to their data.

Historically, ransomware was mass distributed indiscriminately which happened to be mostly personal machines that ended up getting infected. Today, the big money is in attacking businesses. Most of these infections go unreported because companies don’t want to expose themselves to further attacks or reputational damage.

Criminals know the value of business data and the cost of downtime. Because they service multiple SMB customers simultaneously, managed service providers (MSPs) are now an especially attractive target. A successful attack on an MSP magnifies the impact of attacks and the value of the ransom.

Primary ransomware attack vectors – with more detailed descriptions below – include:

  • Phishing
  • Cryptoworms
  • Polymorphic malware
  • Ransomware as a Service (RaaS)
  • Targeted attacks

Want more on ransomware and how it’s advancing? Click here for a new Community post.

Phishing: Still the No. 1 Ransomware threat

Ninety percent of all Ransomware infections are delivered through email.  The most common way to receive ransomware from phishing is from a Microsoft Office attachment. Once opened the victim is asked to enable macros. This is the trick. If the user clicks to enable the macro, then ransomware will be deployed to the machine. Phishing remains a significant and persistent threat to businesses and individuals. The Webroot 2020 Threat Report showed a 640% increase in the number of active phishing sites since 2019.

Cryptoworms

Cryptoworms are a form of ransomware that able to gain a foothold in an environment by moving laterally throughout the network to infect all other computers for maximum reach and impact. The most spectacular incarnation of a cryptoworm was WannaCry in 2017, where more than 200,000 computers were affected in 150 countries causing hundreds of millions in damages.

Polymorphic malware

One of the more notorious forms of ransomware circulating today is polymorphic malware, which makes small changes to its signature for each payload dropped on machine – effectively making it a brand new, never before seen file. Its ability to morph into a new signature enables it to evade many virus detection methodologies. Studies show that 95% of malware is now unique to a single PC. This is largely due to the shape-shifting abilities of polymorphic malware code. Today, nearly all ransomware is polymorphic, making it more difficult to detect with signature-based, antivirus technologies.

Ransomware as a Service (RaaS)

Ransomware has become so lucrative and popular that it’s now available as a “starter kit” on the dark web. This allows novice cybercriminals to build automated campaigns. Many of these kits are available free of charge for the payload, but criminals owe a cut (around 30% but this can vary based on how many people you infect) to the author for a ransom payment using their payload. Grandcab, also known as Sodinokibi, was perhaps the most famous to use this tactic.

Targeted attacks

Cybercriminals are moving away from mass distribution in favor of highly focused, targeted attacks. These attacks are typically carried out by using tools to automatically scan the internet for weak IT systems. They are usually opportunistic, thanks to the vulnerability scanners used. Targeted attacks often work by attacking computers with open RDP ports. Common targets include businesses with lots of computers but not a lot of IT staff or budget. This usually means education, government municipality, and health sectors are the most vulnerable.

Stay cyber resilient with multi-layered defense

As you can see, ransomware authors have a full quiver of options when it comes to launching attacks. The good news is, there are as many solutions for defending systems against them. The best way to secure your data and your business is to use a multi-layered cyber resilience strategy, also known as defense in depth. This approach uses multiple layers of security to protect the system. We encourage businesses of all sizes to deploy a defense-in-depth strategy to secure business data from ransomware and other common causes of data loss and downtime. Here’s what that looks like.

Backup

Backup with point-in-time restore gives you multiple recovery points to choose from. It lets you roll back to a prior state before the ransomware virus began corrupting the system.

Advanced threat intelligence

Antivirus protection is still the first line of defense. Threat intelligence, identification and mitigation in the form of antivirus is still essential for preventing known threats from penetrating your system.

Security awareness training

Your biggest vulnerability is your people. Employees need to be trained on how to spot suspicious emails and what to do in case they suspect an email is malicious. According our research, regular user training can reduce malware clickthrough rates by 220%.

Patch and update applications

Cybercriminals are experts at identifying and exploiting security vulnerabilities. Failing to install necessary security patches and update to the latest version of applications and operating systems can leave your system exposed to an attack.

Disable what you’re not using

Disable macros for most of the organization as only a small percentage will need them. This can be done by user or at the group policy level in the registry. Similarly, disabling scripts like HTA, VBA, Java, and Powershell will also stop these powerful tools that criminals use to sneak infections into an environment.

Ransomware mitigation

Make sure your IT staff and employees know what to do when a ransomware virus penetrates your system. The affected device should immediately be taken offline. If it’s a networked device, the entire network should be taken down to prevent the spread of the infection.

Want to learn more about how to protect your business or clients from ransomware? Here are five actionable tips for better defending against these attacks.

10 Ways a Commercial DNS Filtering Service Improves Your Cyber Resilience

Reading Time: ~ 3 min.

If you’ve landed on this blog, then there’s a good chance you’re already aware that DNS is undergoing a major overhaul. DNS 2.0—aka encrypted DNS, DNS over HTTPS, or DoH—is a method for encrypting DNS requests with the same HTTPS standard used by numerous websites, such as online banking, to protect your privacy when dealing with sensitive information display.

While there’s no doubt that DoH offers incredible privacy benefits, it also has the potential to be a major security risk for businesses. That’s because DoH effectively wraps DNS requests in encryption protocols, which prevent traditional DNS or web filtering security solutions from being able to filter requests to malicious, risky, or otherwise unacceptable or inappropriate websites.

Although some DNS filtering solutions are now making moves to modernize, many of them simply provide the option to either allow or block all DoH requests, rather than offering any sort of nuanced control.

“That’s really where Webroot® DNS Protection differs from the competition,” says George Anderson, product marketing director at Webroot, an OpenText company. “Ours is currently the only DNS security product that lets businesses fully leverage DoH and its privacy benefits. Our solution encrypts data using HTTPS to route DNS requests through secure Webroot resolvers to prevent eavesdropping, manipulation, or exploitation of data.”

How a Commercial DNS Filtering Service is a Game Changer

According to George, the cyber resilience benefits of using a private, commercial DNS security service that fully supports DoH are numerous. When we asked him to narrow down to his top 10, here’s what he had to say.

  1. First, it provides a very secure, reliable, multi-point of presence connection to the internet with high availability.
  2. Second, trusted DNS resolvers process ALL of your internet requests—we are talking any user, server, or application using the internet with a single, tamperproof choke point for admin and policy request controls.
  3. Third is confidentiality. It keeps your organization’s internet requests private and invisible to malicious actors, your ISP, and so-called “free” DNS resolvers—all of whom can abuse this data.
  4. It then gives your organization full visibility and log access to all of your internet traffic requests, allowing for security analysis and management through reports or ingestion via a SIM/SIEM.
  5. With Webroot, you also get transparent security policy filtering of both encrypted (DoH) and clear text (DNS) requests.
  6. Webroot BrightCloud® threat intelligence data automatically applies the latest and most accurate internet domain security in real time to every outbound request, regardless of source, meaning we stop the majority of malicious and suspicious request responses that could have led to a breach.
  7. A commercial service also provides the flexibility to manage internet access for guest/public WiFi networks, IP address ranges, user groups down to individual user, and lets you filter using a wide range of domain categories.
  8. In the context of WFH, if the user is connected to the internet via VPN or a local DNS agent on their device, then a DNS filtering solution protects them no matter where they connect.
  9. Also, from a WFH perspective, you need your DNS security service to integrate with the majority of VPNs and work easily with your other security and network technologies.
  10. Lastly, and definitely key your organization, a commercial DNS security service can offer great visibility into internet usage with scheduled executive reporting that lets you oversee internet use, assist with HR initiatives, and help ensure compliance.

As DoH continues to grow in adoption, George advises all businesses to be proactive about their cyber resilience strategies. Particularly as more work is conducted outside of more traditional office settings, it’s critical to understand and embrace the value that a flexible cloud gateway—whose protection is not confined to a physical network—can offer.

“Ultimately, in a world where many companies continue to support remote workers, businesses really can’t afford not to use a filtering solution that provides both privacy and security control.”

– George Anderson, product marketing director at Webroot, an OpenText company

Learn more about Webroot’s answer to DNS filtering or take a free trial of Webroot DNS Protection here.

Company Culture and Cyber Resilience by the Numbers

Reading Time: ~ 2 min.

There’s no doubt we’ve all had to change our work habits as a result of the global coronavirus pandemic. Companies have had to adapt rapidly to smooth the transition to work from home. But companies will have to do more than adapt if they’re going to make cyber resilience a long-term priority going forward. As the edge of the network expands to include thousands of home networks and devices, it’s going to fall on leadership to establish a culture of cyber resilience, so employees internalize cyber security best practices instinctively.

What is a cyber resilient culture?

We asked Principal Product Manager Philipp Karcher what a cyber resilient culture is and what it takes to establish one at an organization. He said a culture of cyber resilience recognizes that everyone – not just IT – has role in cyber security. Karcher defines cyber resilience as the application of the same principles of IT resiliency so that employees:

Business benefits of security training

When businesses internalize this culture, they’re better prepared, better able to respond and better positioned to experience growth, Karcher says. Asking employees to devote time and effort toward security awareness is an investment in the future of the business.

On the other hand, businesses that don’t actively work toward a culture of cyber resilience are more vulnerable to cyberattack. Their employees are more likely to practice poor password hygiene, click on something they shouldn’t and make other mistakes, like misconfiguring access rights or accidentally sending someone the wrong file.

Cyber Resilience training delivers results

While IT resilience focuses on hardening data and applications, your overall cyber resilience as an organization depends equally on making users resilient. This should include a program of training and communication on security issues employees need to be aware of and education on how to properly respond to incidents.

We believe that when you look at the results of Webroot’s training program, it’s no wonder why it was recognized as a Strong Performer in The Forrester Wave™: Security Awareness and Training Solutions, Q1 2020. According to data from the Webroot Threat Research team:

Webroot also partnered with leading cybersecurity education content provider, NINJIO, to deliver engaging three-to-four-minute Hollywood-style micro-learning videos that feature updated COVID-19 content and encourage cyber resilient behavior, like identifying phishing emails and malicious URLs. 

In addition to regular employee training, Karcher says businesses should publish regular communications on security topics in the form of emails, internal social media, posters and videos. Examples include coverage of real-world threats they need to defend against in their work and personal lives, and industry news about other businesses that were adversely affected by attacks.

Cyber resilience can only become a part of culture through sustained, long term engagement – not just annual check-box training.

Interested in implementing a culture of cyber resilience? Take the first step here.