Business + Partners

Unexpected Side Effects: How COVID-19 Affected our Click Habits

Phishing has been around for ages and continues to be one of the most common threats that businesses and home users face today. But it’s not like we haven’t all been hearing about the dangers of phishing for years. So why do people still click? That’s what we wanted...

Key Considerations When Selecting a Web Classification Vendor

Since launching our web classification service in 2006, we’ve seen tremendous interest in our threat and web classification services, along with an evolution of the types and sizes of cybersecurity vendors and service providers looking to integrate this type of...

4 Ways MSPs Can Fine-Tune Their Cybersecurity Go-To-Market Strategy

Today’s work-from-home environment has created an abundance of opportunities for offering new cybersecurity services in addition to your existing business. With cyberattacks increasing in frequency and sophistication, business owners and managers need protection now...

Ransomware: The Bread and Butter of Cybercriminals

Imagine a thief walks into your home and rummages through your personal belongings. But instead of stealing them, he locks all your valuables into a safe and forces you to pay a ransom for the key to unlock the safe. What choice do you have? Substitute your digital...

How to Build Successful Security Awareness Training Programs in 2021 and Beyond

Security awareness training is one of the most straightforward ways to improve a business’ overall resilience against cyberattacks. That is, when you get it just right.

Thanks to the disruptions to “normal” work routines that COVID-19 has brought, launching a company-wide training program to teach end users how to avoid phishing scams and online risks is a big challenge. Unfortunately, COVID-19 has also brought a major acceleration in phishing activity. With so many office employees working outside the safety of corporate network protections, you can see why the need for training has never been more critical.

But there’s another issue: training is outside the skillset for most IT admins, and the level of effort to set up and run a program of training courses, compliance accreditations and phishing simulations can be daunting.

To help you get started, here are our top 5 recommendations for starting your security awareness program so you can maximize the impact of your efforts.

  1. Get buy-in from stakeholders.

    While you probably already have some combination of security tools in place, such as endpoint protection, DNS or web filtering, etc., the 2020 Verizon Data Breach Investigations Report states that phishing and social engineering are still the primary tactics used in successful cybersecurity breaches.

    Make sure your stakeholders understand these threats. Send an email introducing the program to management and clearly explain the importance of educating users and measuring and mitigating your risk of exposure to phishing and other social engineering attacks.
  1. Start with a baseline phishing campaign.

    When you run your first phishing campaign, you establish your starting point for measuring and demonstrating improvement over time. (You can also use this real-world data to accurately show the need for improvement to any still-skeptical stakeholders.) Ideally this initial campaign should be sent to all users without any type of forewarning or formal announcement, including members of leadership teams. Make sure to use an option that simply shows a broken link to users who click through, instead of alerting them to the campaign, so you can prevent word-of-mouth between employees from skewing the results.
  1. Set up essential security and compliance training.

    Create training campaigns to cover essential cybersecurity topics including phishing, social engineering, passwords and more. Establish which compliance courses are appropriate (or required) for your organization and which employees need to complete them.
  1. Establish a monthly phishing simulation and training cadence.

    Repetition and relevance are key for a successful security awareness training program. By setting up a regular simulation and training schedule, you can more easily measure progress and keep an eye on any high-risk users who might need extra attention. Using our shorter 4-5-minute modules in between more substantial training is an effective tactic to keep security top of mind while avoiding user fatigue. And if you can’t run phishing simulations monthly, strive for a quarterly cadence. If you get pushback on sending emails to everyone, then we recommend you prioritize testing users who failed the previous round.
  1. Communicate results

    A great way to raise awareness and increase the impact of your phishing campaigns is to share the results across the organization. Keep in mind, the goal is to capitalize on collective engagement and share aggregate results, not to call out individuals. (Your “offenders” will recognize themselves anyway.)

    The critical piece is seeing the statistics on where the organization stands as a whole. After the baseline phishing simulation, send out an email to all employees with the results and the reasoning for the campaign. Communicating these numbers will not only help show improvement over time, it’ll also demonstrate the value of the program overall and reinforce to employees that cyber resilience isn’t just IT’s job – it’s a responsibility we all share.

Although there are numerous other tips and tricks that can help ensure the success of your security awareness training program, these are our top five basic pieces of advice to get you on your way. When you follow these steps, it won’t take long to see the very real returns on your training investment.

For more detailed tips on how you can put Webroot® Security Awareness Training to work to improve your business’ cyber resilience posture, view our white paper.

Remote Work is Here to Stay, and Other Cybersecurity Predictions for 2021

The cybersecurity industry and end-of-year predictions go together like Fall and football or champagne and the New Year. But on the heels of an unprecedented year, where a viral outbreak changed the landscape of the global workforce practically overnight, portending what’s in store for the year ahead is even trickier than usual.  

One thing the cybersecurity experts at Webroot agree on is that work from home is here to stay for 2021, or at least it won’t recede to pre-pandemic levels in even the medium-term. What is likely to change is how companies respond to their remote workforces. The security measures they take (or don’t), the educational opportunities they provide (or fail to) and their commitment to innovation (or lack thereof) will likely separate the winners from the losers in the year ahead.

Yes, cybersecurity for remote workforces will likely be a prevailing concern throughout 2021, even following positive news on the vaccine development front, according to Webroot experts. Another prevailing theme from the professionals here, when asked to make their annual predictions for the new year, is that a cybersecurity skills gap will continue to haunt businesses and pose opportunities for those looking to start their careers in the field or make the switch to it. As such, automation and the adoption of AI technologies will be critical to plugging the gap.

Read on for more details from leading engineers, security analysts and product specialists from around our organization for complete cybersecurity predictions for 2021. Take heart because, whatever happens, 2020 won’t be easily outdone (knock on wood).

On remote workforces and the problem of personal devices

David Dufour, VP of engineering, Carbonite + Webroot

In 2021, many businesses will continue to operate remotely as a result of the pandemic and there must be an emphasis on training employees on security best practices, how to identify modern threats such as phishing, and where company data is being accessed and stored. Phishing is going to remain one of the most prominent ways to attack users and will become more sophisticated as it’s tailored to take advantage of work-from-home setups and distractions.  

Grayson Milbourne, security intelligence director, Carbonite + Webroot

The biggest change for 2021 will be securing remote workforces and remote perimeters, which include home networks and home devices, particularly personal devices. These all add their own challenges. Home networks and their configurations are diverse. Many use out-of-date routers with insecure settings. Personal devices are often used for work and, as we saw in our 2020 Threat Report, are twice as likely as business devices to encounter infections. If not addressed, this could have a serious impact on businesses in the coming year.

Hal Lonas, CTO and SVP of SMB engineering, Carbonite + Webroot

We shouldn’t overlook the incredible societal and behavioral changes underway right now. These put all of us in new situations we’ve never encountered before. These new contexts create new opportunities for social engineering attacks like phishing and scare tactics to get us to open emails and click on fraudulent links.

Tyler Moffitt, Sr. security analyst, Carbonite + Webroot

It really doesn’t matter the company or the length of the work-from-home stint, one thing that’s constant is that professionals at home are using their personal devices and personal network. Securing the remote perimeter is going to be the biggest challenge for cybersecurity professionals now through 2021 because laptops issued to professional workforce are much more secure than personal devices.

Personal devices are twice as likely to be infected than business devices. Even more worrying, we saw with our new COVID-19 report that one-third of Americans will use personal devices when working from home. Businesses will need to account for that.

Jamie Zajac, VP of product management, Carbonite + Webroot

I predict that in 2021 vulnerable industries like hospitality, travel and retail will start to use even more remote access platforms like Square and others. This transfers a lot of control to a third-party, so it’s essential companies make sure their data is protected on their end, that their vendors are trustworthy and that their reputation is safe from the damage an internal breach could cause

On the cybersecurity skills shortage

Briana Butler, engineering services manager, Carbonite + Webroot

Moving forward, cybersecurity professionals will need greater data analysis skills to be able to look at large sets of data and synthesize the information so organizations can derive actionable value from it. In 2021, organizations need to start implementing programs to upskill their current cybersecurity workforce to focus on the skills they’ll need for the future such as analyzing complex data, developing algorithms, and understanding machine learning techniques.

David Dufour, VP of engineering, Carbonite + Webroot

The cyber skills gap will continue to be an issue in 2021 because companies continue to believe they understand cybersecurity and, as a result, tend to spend less on external cybersecurity resources. This leads to a feeling of false security and, unfortunately, inadequate security.

Cybersecurity requires a financial investment to truly meet an organizations’ needs and to enact processes for securing systems. It’s much more effective to invest in a few, solid security processes and to address gaps at the outset than it is to implement an inexpensive, broad security solution that falls short in key areas.

Hal Lonas, CTO and SVP of SMB engineering, Carbonite + Webroot

The pandemic has also changed the game for managed service providers (MSPs). They’re used to running a thin-margin business, but this has become even more difficult as their small business customers struggle. MSPs are fortunately heavily automated, but now they are under increasing pressure to deliver more with less. MSPs more than ever need automated solutions that make it easy for them to manage, secure and restore customers when incidents do occur. Some of that automation will come from AI, but auto-remediation, backup and restore capabilities are also important.

Looking ahead to 2021

Whatever 2021 is, at least 2020 will be over, right? But in all seriousness, the virus does not respect our calendar transitions and its implications will certainly bleed over into the New Year. Much has been made of a supposed “new normal,” but to truly arrive there, companies must account for the new realities of pervasive remote work and an exacerbated cybersecurity skills shortage.

If there’s one takeaway from our experts’ predictions for 2021, it’s that.

Staying a Step Ahead of the Hack

Hackers, never at a loss for creative deception, have engineered new tactics for exploiting the weakest links in the cybersecurity chain: ourselves! Social engineering and business email compromise (BEC) are two related cyberattack vectors that rely on human error to bypass the technology defenses businesses deploy to deter malware.

Social Engineering

Social Engineering is when hackers impersonate trusted associates or acquaintances to manipulate people into giving up their passwords, banking information, date of birth or anything else that could be used for identity theft. As it turns out, it’s easier to hack our trust than our computers. Social engineering covers a range of tactics:

  • Email from a friend or family member – A hacker gets access to the email password of someone you know. From there, they can send you a malicious link in an email that you’re more likely to click on because it came from someone you trust.
  • Compelling story (pretexting) – This includes urgently asking for help. This can read like, “Your friend is in danger and they need your help immediately – please send me money right away so they can get treatment!”
  • Standard phishing tactics – Phishing techniques include website spoofing emails appearing to come from an official source asking you to reset your password or confirm personal data. After clicking the link and entering the info, your security is compromised.
  • “You’re a winner” notifications ­– Whether a lottery prize or a free trip to Cancun, this tactic catches many off guard. It’s known as “greed phishing” and it takes advantage our fondness for pleasure or weakness for the word “free.”

Business Email Compromise

Business email compromise is a targeted attack against corporate personnel, usually someone with the authority to request or fulfill a financial transaction. Victims execute seemingly routine wire transfers to criminals impersonating legitimate business associates or vendors.

This form of fraud relies on a contrived pretext to request a payment or purchase be made on the attacker’s behalf. According to the FBI, BEC attacks resulted in more than $26 billion (you read that right) between June 2016 and July 2019. Here are a few tips for protecting users and businesses from BEC attacks:

Slow down – BEC attacks combine context and familiarity (an email from your boss) with a sense of urgency (I need this done now!). This causes victims to lose their critical thinking capabilities.

Don’t trust, verify – Never use the same channel, in this case email, to verify the identity of the requester. Pick up the phone and call, or use video chat.

Prepare for the inevitable – Use all the technology at your disposal to ensure a BEC attack doesn’t succeed. Machine learning-enabled endpoint security solutions can help identify malicious sites.

Address the weakest link – Train users to spot BEC attacks. Webroot testing shows that phishing simulations can improve users’ abilities to spot attacks.

Perfecting Your Posture

Webroot Security Intelligence Director, Grayson Milbourne, offers several suggestions that companies can do to increase their security posture. First, he says, “Whenever money is going to be sent somewhere, you should have a two-factor verification process to ensure you’re sending the money to the right person and the right accounts.”

Milbourne is also a big advocate of security awareness training. “You can really understand the security topology of your business with respect to your users’ risk factors,” he says. “So, the engineering team might score one way and the IT department might score another way. This gives you better visibility into which groups within your company are more susceptible to clicking on links in emails that they shouldn’t be clicking.”

With the increase in scams related to the global COVID-19 pandemic, timely and relevant user education is especially critical. “COVID obviously has been a hot topic so far this year, and in the last quarter we added close to 20 new templates from different COVID-related scams we see out in the wild,” Milbourne says.

“When we look at first-time deployment of security awareness training, north of 40% of people are clicking on links,” Milbourne says. “Then, after going through security awareness training a couple of times, we see that number dip below 10%.”

Where to learn more

Our newest research on phishing attacks and user (over)confidence, “COVID-19 Clicks: How Phishing Capitalized on a Global Crisis” is out now, check it out!

Why Workers Aren’t Confident in their Companies’ Security (and What to Do About it)

According to data from a recent report, only 60% of office workers worldwide believe their company is resilient against cyberattacks. Nearly one in four (23%) admit to not knowing, while nearly one in five (18%) flat-out think it isn’t.

In the anonymous, write-in responses to the survey, many workers agreed that their employers could be doing more to support them and ensure their security. When asked to elaborate on why they didn’t believe their company was resilient against attacks, the most-repeated answers were along the following lines:

  • My company has been hacked before.
  • My company doesn’t prioritize security/security spend.
  • My company’s equipment and software are poorly maintained.
  • My company outsources its security, so we have no direct control.
  • I still get phishing emails. Our filtering must not be good enough.

These types of responses highlight two things: a general lack of faith in the company’s security and the perception that companies aren’t investing enough in security systems OR their employees. When considered alongside another question from the survey, there seems to be a third factor at play: there is also confusion as to who should be responsible for a company’s cyber resilience in the first place.

Overall, only 14% of office workers worldwide consider cyber resilience to be a responsibility all employees share. If workers also feel their companies don’t invest enough in them or the tools that protect them, it makes sense that they might not feel like cyber resilience is something they should worry about. If a person feels their employer doesn’t value them appropriately or empower them with the right tools to do their jobs, then the notion of having to expend one’s own time and energy on the company’s security could rankle. So how do you overcome the challenge of personal investment?

How to empower your people and your security

Investment

Dr. Prashanth Rajivan, cybersecurity and human behavior expert, says businesses that want to foster a feeling of personal investment must first tackle the notion of shared responsibility. He explains that, when people perceive themselves to have a greater responsibility to others, their average level of willingness to engage in risky behavior decreases.

“If you’re asking individuals to make changes to their own behavior for the greater safety of all, then you need to make it clear that you are willing to invest in them. By creating a feeling of personal investment in the individuals who make up a company, you encourage the employees to return that feeling of investment toward their workplace. That’s a huge part of ensuring that cybersecurity is part of the culture.” – Prashanth Rajivan, Ph.D.

One way to both empower your workforce to become a strong first line of defense while also demonstrating investment is by implementing a security awareness training program with phishing simulations, as well as giving employees enough time to carefully and thoughtfully complete the learning exercises and understand any applicable feedback.

Consistency

According to Phil Karcher, principal product manager in charge of Webroot® Security Awareness Training, running regular, up-to-date training on an ongoing basis is one of the best ways to help end users avoid attacks and become a strong first line of defense for the company as a whole.

“Data from Webroot® Security Awareness Training shows that, if you want people to make lasting changes to their behavior, you have to run consistent, relevant training courses and phishing simulations that are also varied enough that people won’t get bored or find them predictable. Running a second simulation makes a dramatic impact — and it only gets better from there.”

– Philipp Karcher, principal product manager, Carbonite + Webroot, OpenText Companies
Number of Phishing SimulationsClick-through Rate
111%
2-38%
4-106%
11-145%
15-174%

Feedback

Dr. Rajivan also reminds us that human behavior is shaped by experience and reinforcement. He and Phil agree that consistency is key for empowering your workforce to become more resilient. But Dr. Rajivan also stresses the importance of feedback over consequences.

“Without appropriate feedback, no amount of training will be effective. And because the average person handles uncertainty poorly, training must include a variety of different scenarios. Human behavior is shaped through varied experiences, with a mix of positive and negative outcomes and applicable feedback.

This feedback and incentive structure needs to be carefully calibrated. Too much could lead to heightened anxiety and false alarms, but too little could lead to underweighted risk, i.e. people knowing the correct actions, but not taking them.”

– Prashanth Rajivan, Ph.D.

Next steps

As phishing attacks continue to be a primary way that businesses get breached, the need for consistent end user education is clear. And by implementing a regular training regimen, you can demonstrate care and investment in your people, educate employees on scams, risks and what to do if the unthinkable happens, and successfully build cyber resilience into your overall company culture.

To take the first step towards cyber resilience and trial an engaging Security Awareness Training program, Take a Free Trial.  

Small Businesses are Counting on Their MSPs this Small Business Saturday

This November 28 may be the most important Small Business Saturday since the occasion was founded by American Express in 2010.

As early as July, nearly half (43 percent) of small businesses had closed at least temporarily, according to a study published in the Proceedings of the National Academy of Sciences. Research also suggests that 30 percent of small businesses expect to exhaust their cash on hand before year’s end. Eighty-eight percent have already spent the funds allocated to them by the U.S. government’s Paycheck Protection Program loan.

While hopes will be buoyed for some by recent positive developments in the search for a vaccine, uncertainty and hard times no doubt still lie ahead. That’s why Webroot encourages advocates and partners to shop small this November 28. For our customers, we aim to be a source of support and sound consultation as we recover together.

Challenges and opportunities for small businesses and MSPs

Many of the small businesses affected by COVID-19 are among Webroot’s clientele. Many more, especially managed service providers, count small businesses as their most important customers. We’ve heard from many who are suffering from lost contracts following office closures, fewer onsite projects, disappearing budgets for business development projects and a general slowdown of new business.

Others are witnessing a shift in the work they do and the services most in-demand. For some, COVID-related challenges have presented opportunities to step up and offer services made necessary by new realities. Unsurprisingly, the already trending adoption of cloud infrastructure has quickened its pace in the age of remote work.

“We’ve had to speed up migrating some clients on-premise file servers to online cloud solutions,” according to Russell Harris, a support engineer and project manager at Maya Solutions Ltd., a UK-based MSP specializing in Apple product support

For David Yates, president of Geeks R Us, a West Coast provider of various technical services, the shift to remote work was the push some of his customers needed to leave physical servers behind.

“A few clients who were reluctant to move to the cloud have now embraced it. This was the impetus that they needed to finally migrate away from on-premise servers,” he said.

Many MSPs have also taken it upon themselves to guide their clients through the transition to remote work, especially in terms of security.

“We’ve had to shift to more cloud, VPN and helping our clients work remotely,” says Nathan Hardester, a telecoms administrator with Whidbey Tech Solutions, a Washington-based MSP.

Cybersecurity education is another opportunity for MSPs looking to help small business clients up their cyber resilience. We know that many office workers are overly confident in their ability to detect a phishing attack, so MSPs should position themselves as educators. Already, in the COVID-era, some are finding themselves do exactly that.

Asked what’s changed at Maya Solutions since the pandemic, Harris responds “needing to provide additional training on online safety due to many working from home on their own devices.”

Making it through together

Many MSPs—often small businesses themselves—rely on their small business clients run for their success. And on this Small Business Saturday, small businesses need us all more than ever. Despite the challenges, there are opportunities for MSPs to step up and guide their clients through the changing way we work.

For more tips on staying cyber resilient through COVID-19 and beyond, stay tuned to our Community threat and check out these tips for MSPs looking to help small businesses bounce back.

Getting to Know Cloudjacking and Cloud Mining Could Save Your Business

A few years back, cryptojacking and cryptomining emerged as relatively low-effort ways to profit by hijacking another’s computing resources. Today, cloudjacking and cloud mining capitalize on similar principles, only by targeting the near infinite resources of the cloud to generate revenue for attackers. Knowing this growing threat is key to maintaining cyber resilience.

Enterprise-level organizations make especially attractive cloudjacking targets for a few reasons. As mentioned, the computing power of cloud networks is effectively limitless for all but the most brazen cybercriminals.

Additionally, excess electricity consumption, one of the most common tipoffs for smaller scale cryptojacking attacks, often goes unnoticed at the scale large corporations are used to operating. The same goes for CPU.

Careful threat actors can also throttle back the amount of resources they’re ripping off—when attacking a smaller organization, for instance—to avoid detection. Essentially, the resources stolen at any one time in these attacks are a drop in the Pacific Ocean to their largest targets. Over time, though, and depending on particulars of a usage contract, the spend for CPU used can really add up.

“Hackers have definitely transitioned away from launching ransomware attacks indiscriminately,” says Webroot threat analyst Tyler Moffitt. “It used to be, ‘everybody gets the same payload, everyone has the same flat-rate ransom.’

“That’s all changed. Now, ransomware actors want to go after businesses with large attack surfaces and more pocketbook money than, say, grandma’s computer to pay if they’re breached. Cloud is essentially a new market.”

High-profile cloudjacking incidents

Arguably the most famous example of cloudjacking, at least in terms of headlines generated, was a 2018 attack on the electric car manufacturers Tesla. In that incident, cybercriminals were discovered running malware to leech the company’s Amazon Web Service cloud computing power to mine cryptocurrency.

Even with an organization of Tesla’s scale, the attackers reportedly used a throttling technique to ensure their operations weren’t uncovered. Ultimately, they were reported by a third-party that was compensated for their discovery.  

More recently, the hacking group TeamTNT developed a worm capable of stealing AWS credentials and implanting cloudjacking malware on systems using the cloud service. It does this by searching for accounts using popular development tools, like Docker or Kubernets, that are both improperly configured and running AWS, then performing a few simple searches for the unencrypted credentials.

TeamTNT’s total haul remains unclear, since it can spread it’s ‘earnings’ across multiple crypto wallets.  The fear though, now that a proven tactic for lifting AWS credentials is out in the wild, is that misconfigured cloud accounts will become prime targets for widespread illicit cloud mining.

SMBs make attractive targets, too

Hackers aren’t just launching cloudjacking attacks specifically against storage systems and development tools. As with other attack tactics, they often see MSPs and small and medium-sized businesses (SMBs) as attractive targets as well.

“Several attacks in the first and second quarters of 2019 involved bad actors hijacking multiple managed service providers,” says Moffitt. “We saw that with Sodonakibi and GrandCrab. The same principles apply here. Hacking a central, cloud-based property allows attackers to hit dozens and potentially hundreds of victims all at once.”

Because smaller businesses typically share their cloud infrastructure with other small businesses, compromising cloud infrastructure can provide cybercriminals with a trove of data belonging to several concerned owners.

“The cloud offers an attractive aggregation point as it allows attackers access to a much larger concentration of victims. Gaining access to a single Amazon web server, for instance, could allow threat actors to steal and encrypt data belonging to dozens of companies renting space on that server hostage,” says Moffitt. 

High-value targets include confidential information like mission-critical data, trade secrets, unencrypted tax information or customer information that, if released, would violate privacy laws like GDPR and CCPA.

Some years ago, smaller businesses may have escaped these cloud compromises without too much disruption. Today, the data and services stored or run through the cloud are critical to the day-to-day even for SMBs. Many businesses would be simply crippled should they lost access to public or private cloud assets.

The pressure to pay a ransom, therefore, is significantly higher than it was even three years ago. But ransoms aren’t the only way for malicious actors to monetize their efforts. With cloud mining, they can get right to work making cryptocurrency while evading notice for as long as possible.

How to protect against cloudjacking and cloud mining

Moffitt recommends using “versioning” to guard against cloudjacking attacks. Versioning is the practice of serializing unalterable backups to prevent them from being deleted or manipulated.

 “That means not just having snapshot or history copies—that’s pretty standard—since with ransomware we’ve seen actors encrypt all of those copies. So, my suggestion is creating immutable backups. It’s called versioning, but these are essentially snapshot copies that can never be edited or encrypted.”

Moffitt says many service providers have this capability, but it may not be the default and need to be switched on manually.

Two more tactics to adopt to defend against cloud jacking involve monitoring your configurations and monitor your network traffic. As we’ve seen, capitalizing on misconfigured AWS infrastructure is one of the more common ways for cybercriminals to disrupt cloud services.

Security oversight of devops teams setting up cloud applications is crucial. There are tools available that can automatically discover resources as soon as they’re created, determine the applications running on the resource and apply appropriate policies based on the resource type.

By monitoring network traffic and correlating it with configuration data, companies are able to spot suspicious network traffic being generated as they send work or hashes to public mining pools that are public and could help identify where mining is being directed. 

There tends to be a learning curve when defending against emerging attacks. But if businesses are aware of how cloud resources are manipulated by threat actors, they can be on guard against cloudjacking by taking a few simple steps, increasing their overall cyber resilience.

The Nastiest Malware of 2020

For the third year running, we’ve examined the year’s biggest cyber threats and ranked them to determine which ones are the absolute worst. Somewhat unsurprisingly, phishing and RDP-related breaches remain the top methods we’ve seen cybercriminals using to launch their attacks. Additionally, while new examples of malware and cybercriminal tactics crop up each day, plenty of the same old players, such as ransomware, continue to get upgrades and dominate the scene.

For example, a new trend in ransomware this year is the addition of a data leak/auction website, where criminals will reveal or auction off data they’ve stolen in a ransomware attack if the victim refuses to pay. The threat of data exposure creates a further incentive for victims to pay ransoms, lest they face embarrassing damage to their personal or professional reputations, not to mention hefty fines from privacy-related regulatory bodies like GDPR.

But the main trend we’ll highlight here is that of modularity. Today’s malicious actors have adopted a more modular malware methodology, in which they combine attack methods and mix-and-match tactics to ensure maximum damage and/or financial success.

Here are a few of nastiest characters and a breakdown of how they can work together.

  • Emotet botnet + TrickBot Trojan + Conti/Ryuk ransomware
    There’s a reason Emotet has topped our list for 3 years in a row. Even though it’s not a ransomware payload itself, it’s the botnet that is responsible for the most ransomware infections, making it pretty darn nasty. It’s often seen with TrickBot, Dridex, QakBot, Conti/Ryuk, BitPaymer and REvil.

    Here’s how an attack might start with Emotet and end with ransomware. The botnet is used in a malicious spam campaign. An unwitting employee at a company receives the spam email, accidentally downloads the malicious payload. With its foot in the door, Emotet drops TrickBot, an info-stealing Trojan. TrickBot spreads laterally through the network like a worm, infecting every machine it encounters. It “listens” for login credentials (and steals them), aiming to get domain-level access. From there, attackers can perform recon on the network, disable protections, and drop Conti/Ryuk ransomware at their leisure.
  • Ursnif Trojan + IcedID Trojan + Maze ransomware
    Ursnif, also known as Gozi or Dreambot, is a banking Trojan that has resurfaced after being mostly dormant for a few years. In an attack featuring this troublesome trio, Ursnif might land on a machine via a malicious spam email, botnet, or even TrickBot, and then drop the IcedID Trojan to improve the attackers’ chances of getting the credentials or intel they want. (Interestingly, IcedID has been upgraded to use steganographic payloads. Steganography in malware refers to concealing malicious code inside another file, message, image or video.) Let’s say the Trojans obtain the RDP credentials for the network they’ve infected. In this scenario, the attackers can now sell those credentials to other bad actors and/or deploy ransomware, typically Maze. (Fun fact: Maze is believed to have “pioneered” the data leak/auction website trend.)
  • Dridex/Emotet malspam + Dridex Trojan + BitPaymer/DoppelPaymer ransomware

Like TrickBot, Dridex is another very popular banking/info-stealing Trojan that’s been around for years. When Dridex is in play, it is either dropped via Emotet or its authors’ own malicious spam campaign. Also like TrickBot, Dridex spreads laterally, listens for credentials, and typically deploys ransomware like BitPaymer/DoppelPaymer.

As you can see, there are a variety of ways the attacks can be carried out, but the end goal is the more or less the same. The diverse means just help ensure the likelihood of success.

The characters mentioned above are, by no means, the only names on our list. Here are some of the other notable contenders for Nastiest Malware.

  • Sodinokibi/REvil/GandCrab ransomware – all iterations of the same ransomware, this ransomware as a service (RaaS) payload is available for anyone to use, as long as the authors get a cut of any successful ransoms.
  • CrySiS/Dharma/Phobos ransomware – also RaaS payloads, these are almost exclusively deployed using compromised RDP credentials that are either brute-forced or easily guessed.
  • Valak – a potent multi-functional malware distribution tool. Not only does it commonly distribute nasty malware such as IcedID and Ursnif, but it also has information stealing functionalities built directly into the initial infection.
  • QakBot – an info-stealing Trojan often dropped by Emotet or its own malspam campaigns with links to compromised websites. It’s similar to TrickBot and Dridex and may be paired with ProLock ransomware.

Combine protections to combat combined attacks.

If businesses want to stay safe, they need to implement multiple layers of protection against these types of layered attacks. Here are some tips from our experts.

  • Lock down RDP. Security analyst Tyler Moffitt says unsecured RDP has risen over 40% since the COVID-19 pandemic began because more businesses are enabling their workforce to work remotely. Unfortunately, many are not doing so securely. He recommends businesses use RDP solutions that encrypt the data and use multi-factor authentication to increase security when remoting into other machines.
  • Educate end users about phishing. Principal product manager Phil Karcher points out that many of the attack scenarios listed above could be prevented with stronger phishing/spam awareness among end users. He recommends running regular security training and phishing simulations with useful feedback. He also says it’s critical that employees know when and how to report a suspicious message.
  • Install reputable cybersecurity software. Security intelligence director Grayson Milbourne can’t stress enough the importance of choosing a solution that uses real-time threat intelligence and offers multi-layered shielding to detect and prevent multiple kinds of attacks at different attack stages.
  • Set up a strong backup and disaster recovery plan. VP of product management Jamie Zajac says that, particularly with a mostly or entirely remote workforce, businesses can’t afford not to have a strong backup. She strongly recommends regular backup testing and setting alerts and regular reporting so admins can easily see if something’s amiss.

Discover more about the 2020’s Nastiest Malware on the Webroot Community.

What DoH Can Really Do

Fine-tuning privacy for any preference

A DNS filtering service that accommodates DNS over HTTPS (DoH) can strengthen an organization’s ability to control network traffic and turn away threats. DoH can offer businesses far greater control and flexibility over their privacy than the old system.

The most visible use of DNS is typically the browser, which is why all the usual suspects are leading the charge in terms of DoH adoption. This movement has considerable steam behind it and has extended beyond just applications as Microsoft, Apple and Google have all announced their intent to support DoH.

Encrypting DNS requests is an indisputable win for privacy-minded consumers looking to prevent their ISPs from snooping on and monetizing their browsing habits. Businesses, on the other hand, should not easily surrender this visibility since managing these requests adds value, helping to keep users from navigating to sites known to host malware and other threats.

Here are three examples of how.

1.  By enhancing DNS logging control

Businesses have varying motivations for tracking online behavior. For persistently troublesome users—those who continuously navigate to risky sites—it’s beneficial to exert some control over their network use or even provide some training on what it takes to stay safe online. It can also be useful in times of problematic productivity dips by helping to tell if users are spending inordinate amounts of time on social media, say.

On the other hand, for CEOs and other strategic business units, tracking online activity can be cause for privacy concerns. Too much detail into the network traffic of a unit tasked with investigating mergers and acquisitions may be unwanted, for example.

“If I’m the CEO of a company, I don’t want people paying attention to where I go on the internet,” says Webroot DNS expert Jonathan Barnett. “I don’t want people to know of potential deals I’m investigating before they become public.”

Logging too much user information can also be problematic from a data privacy perspective. Collecting or storing this information in areas with stricter laws, as in the European Union, can unnecessarily burden organizations with red tape.

“Essentially it exposes businesses to requirements concerning how they’re going to use that data, who has access to it and how long that data is preserved” says Barnett.

By optionally never logging user information and backing off DNS logging except when a request is deemed a security threat, companies maintain both privacy and security.

2. By allowing devices to echo locally

With DoH, visibility of DNS requests is challenging. The cumulative DNS requests made on a network help to enhance its security as tools such as SIEMs and firewalls leverage these requests by controlling access as well as corelating the requests with other logs and occurrences on the network. 

“Let’s say I’m on my network at the office and I make a DNS request,” explains Barnett. “I may want my DNS request to be seen by the network as well as fielded by my DNS filtering service. The network gets value out of DNS. If I see inappropriate DNS requests I can go and address the user or fix the device.”

Continuing to expose these DNS requests through an echo to the local network provides this, while the actual requests are secure and encrypted by the DNS protection agent using DoH. This option achieves the best of both worlds by adding the security of DoH to the security of the local network.

3. By allowing agents to fail open

DNS is instrumental to the functionality of the internet. So, the question is, what do we do when a filtered answer is not available? By failing over to the local network, it’s assured that the internet continues to function. However, there are times when filtering and privacy are more important than connectivity. Being able to choose if DNS requests can leak out to the local network helps you stay in control by choosing which is a priority.

 “Fail open functionality essentially allows admins to make a tradeoff between the protection offered by DNS filtering and the productivity hit that inevitably accompanies a lack of internet access,” says Barnett.

Privacy your way

The encryption of DoH enables options for fine-tuning privacy preferences while preserving the security benefits of DNS filtering. Those that must comply with the needs of privacy-centric users now have control over what is revealed and what is logged, while maintaining the benefits of communicating using DoH.

Click here to read related blogs covering the transition to DNS over HTTPS.

It’s Time to Talk Seriously About Deepfakes and Misinformation

Like many of the technologies we discuss on this blog—think phishing scams or chatbots—deepfakes aren’t necessarily new. They’re just getting a whole lot better. And that has scary implications for both private citizens and businesses alike.

The term “deepfakes,” coined by a Reddit user in 2017, was initially most often associated with pornography. A once highly trafficked and now banned subreddit was largely responsible for developing deepfakes into easily created and highly believable adult videos.

“This is no longer rocket science,” an AI researcher told Vice’s Motherboard in an early story on the problem of AI-assisted deepfakes being used to splice celebrities into pornographic videos.

The increasing ease with which deepfakes can be created also troubles Kelvin Murray, a senior threat researcher at Webroot.

“The advancements in getting machines to recognize and mimic faces, voices, accents, speech patterns and even music are accelerating at an alarming rate,” he says. “Deepfakes started out as a subreddit, but now there are tools that allow you to manipulate faces available right there on your smartphone.”

While creating deepfakes used to require good hardware and a sophisticated skillset, app stores are now overflowing with options creating them. In terms of technology, they’re simply a specific application of machine learning technology, says Murray.

“The basics of any AI system is that if you throw enough information at it, itcan pick it up. It can mimic it. So, if you give it enough video, it can mimic a person’s face. If you give it enough recordings of a person, it can mimic that person’s voice.”

There are several ways deepfakes threaten to redefine the way we live and conduct business online.

Deepfakes as a threat to privacy

A stolen credit card can be cancelled. A stolen identity, especially when it’s a mimicked personal attribute, is much more difficult to recover. The hack of a firm dedicated to developing facial recognition technology, for instance, could be a devastating source of deepfakes.

“So many apps, sites and platforms host so many videos and recordings today. What happens when they get hacked? Will the breach of a social media platform allow a hacker to impersonate you,” asks Murray.

Businesses must be especially careful about the data they collect from customers or users, asking both if it’s necessary to collect and if it can be stored safely afterwards. If personal data must be collected, security must be a top priority, and not only for ethical reasons. Governments are starting to enact some strict regulations and doling out some stiff fines for data breaches.

Ultimately, Murray thinks those governments may need to weigh in more heavily on the threat of deepfakes as they become even more indistinguishable from reality.

“We’re not going to stop this technology. It’s here. But people need to have the discussion about where we’re heading. In the same way GDPR was created to protect people’s data, we’re going to need to have a similar conversation about deepfakes leading to a different kind of identity theft.”

Deepfakes as a cybersecurity threat to businesses

It’s important to note the ways in which deepfakes can be used to target businesses, not just to spoof individuals.

“These business-related instances aren’t too common yet,” says Murray. “But we’re at the beginning of a wave right now in terms of AI-enabled threats against businesses.

A late 2019 attack against a U.K. energy firm could be a sign of scary things to come. Rather than video, this attack took advantage of voice-spoofing technology to pose as an executive’s manager, insisting he wire nearly $250 thousand to a “supplier” immediately. In the aftermath of the scam, the victim reported being convinced by both the accent and the rhythm of the fake speech pattern.

To safeguard against what could be a rising attack method, Murray recommends businesses understand what deepfakes are capable of and follow best practices for avoiding fraud, no matter the technology.

“Have well-defined protocol for changing account details and signing off on any invoices,” he advises “Train financial and accounting teams especially rigorously on these protocols and encourage them to pick up the phone and double-check when anything seems strange or off. In these days of increased working from home it’s also tougher for financial staff to walk up to other finance or sales colleagues and make informal double checks.”

Deepfakes and misinformation campaigns

Soon after deepfakes went mainstream, implications for politics and the weaponization of misinformation became clear, prompting the U.S. Senate to address the issue in 2018.

While initially used to humiliate or extort people, mostly women, malicious actors began to see them as a way to sway public opinion or sow chaos. Deeptrace, a company dedicated to uncovering deepfakes, has noted instances where manipulated video was used to promote social discord and scandal across the globe.

“Deepfakes further undermine our ability to believe what we read, and now even watch, on the internet,” says Murray. This leads to widespread distrust, especially on issues where understanding is crucial, like the coronavirus pandemic, where misinformation is bountiful.

To combat misinformation, Murray advises to keep in mind how much of it is out there. Always consider the source of the information you’ve received before acting on it, especially if it makes you angry or elicits some other strong emotional response.

Deepfakes will likely make the internet even more difficult to rely on as a source of information in the years to come. But reducing their impact starts with understanding how far they’ve come and what they’re capable of.

To learn more on Deepfakes and misinformation, listen to the podcast.

False Confidence is the Opposite of Cyber Resilience

Have you ever met a person who thinks they know it all? Or maybe you’ve occasionally been that person in your own life? No shame and no shade intended – it’s great (and important) to be confident about your skills. And in cases where you know your stuff, we encourage you to keep using your knowledge to help enhance the lives and experiences of the people around you.

But there’s a big difference between being reasonably confident and having false confidence, as we saw in our recent global survey. Featured in the report COVID-19 Clicks: How Phishing Capitalized on a Global Crisis, the survey data shows that, all over the world, people are pretty confident about their ability to keep themselves and their data safe online. Unfortunately, people are also still getting phished and social engineering tactics aimed at employees are still a major way that cybercriminals successfully breach businesses. These data points strongly suggest that we aren’t all being quite as cyber-safe as we think.

Overconfidence by the Numbers

Approximately 3 in 5 people (59%) worldwide think they know enough to stay safe online.

You may think 59% doesn’t sound high enough to earn the label of “false confidence”. But there were two outliers in our survey who dragged the average down significantly (France and Japan, with only 44% and 26% confidence, respectively). If you only take the average of the five other countries surveyed (the US, UK, Australia/New Zealand, Germany and Italy), it’s a full ten percentage points higher at 69%. UK respondents had the highest level of confidence out of all seven regions surveyed with 75%.

8 in 10 people say they take steps to determine if an email message is malicious.

Yet 3 in 4 open emails and click links from unknown senders.

When so many of us claim to know what to do to stay safe online (and even say we take steps to determine the potential sketchiness of our emails), why are we still getting phished? We asked Dr. Prashanth Rajivan, assistant professor at the University of Washington and expert in human behavior and technology, for his take on the matter. He had two important points to make.

Individualism

According to Dr. Rajivan, it’s important to note that Japan had the lowest level of confidence about their cybersecurity know-how (only 26%), but the survey showed they also had the lowest rate of falling victim to phishing (16%). He pointed out that countries with more individualistic cultures seem to align with countries who ranked themselves highly on their ability to keep themselves and their data safe.

“When people adopt a less individualistic mindset and, instead, perceive themselves to have a greater responsibility to others, their average level of willingness to take risks decreases. This is especially important to note for businesses that want to have a cyber-aware culture.”

– Prashanth Rajivan, Ph.D.

The Dunning-Kruger Effect

Another factor Dr. Rajivan says may contribute to overconfidence in one’s ability to spot phishing attacks might be a psychological phenomenon called the “Dunning-Kruger Effect”. The Dunning-Kruger Effect refers to a cognitive bias in which people who are less skilled at a given task tend to be overconfident in their ability, i.e. we tend to overestimate our capabilities in areas where we are actually less capable.

How These Numbers Affect Businesses

Only 14% of workers feel that a company’s cyber resilience is a responsibility all employees share.

The correlations between overconfidence and individualism may also translate into a mentality that workers are not responsible for their own cybersecurity during work hours. While 63% of workers surveyed agree that a cyber resilience strategy that includes both security tools and employee education should be a top priority for any business, only 14% felt that cyber resilience was a shared responsibility for all employees.

How to Create a Cyber Aware Culture

The short answer: a strong combination of employee training and tools.

The long answer: when asked what would help them feel better prepared to avoid phishing and prevent cyberattacks, workers worldwide agreed that their employers need to invest more heavily in training and education, in addition to strong cybersecurity tools. Dr. Rajivan also agrees, stating that, if employers want to build cybersecurity awareness into their business culture, then they need to invest heavily in their people.

“By creating a feeling of personal investment in the individuals who make up a company, you encourage the employees to return that feeling of investment toward their workplace. That’s a huge part of ensuring that cybersecurity is part of the culture. Additionally, if we want to enable employees to assess risk properly, we need to cut down on uncertainty and blurring of context lines. That means both educating employees and ensuring we take steps to minimize the ways in which work and personal life get intertwined.”

– Prashanth Rajivan, Ph.D.

Additionally, he tells us, “Human behavior is shaped by past experiences, consequences and reinforcement. To see a real change in human behavior related to phishing and online risk-taking habits in general, people need frequent and varied experiences PLUS appropriate feedback that incentivizes good behavior.”

Ultimately, the importance of training can’t be emphasized enough. According to real-world data from customers using Webroot® Security Awareness Training, which provides both training courses and easy-to-run, customizable phishing simulations, consistent training can reduce click rates on phishing scams by up to 86.5%.

It’s clear a little training can go a long way. If you want to increase cyber resilience, you have to minimize dangerous false confidence. And to do that, you need to empower your workforce with the tools and training they need to confidently (and correctly) make strong, secure decisions about what they do and don’t click online.

Learn more about Security Awareness Training programs.

Cyber Resilience for Business Continuity

“Ten years ago, you didn’t see state actors attacking [small businesses]. But it’s happening now,” warns George Anderson, product marketing director at Carbonite + Webroot, OpenText companies.

Sadly, many of today’s managed service providers who serve small and medium-sized businesses now have to concern themselves with these very threats. Independent and state-sponsored hacking groups use sophisticated hacking tools (advanced persistent threats or APTs), to gain unauthorized access to networks and computers, often going undetected for months or even years at a time. In fact, according to the 2020 Verizon Data Breach Investigations Report, cyber-espionage is among the top patterns associated with breaches targeting businesses worldwide.

These attacks can be difficult even for highly sophisticated enterprise security teams to detect, stop or recover from. But all businesses, no matter their size, must be ready for them. As such, MSPs, themselves ranging in size from a few techs to a few hundred professionals, may find they need help protecting their SMB customers from APTs; that’s on top of the consistent onslaught of threats from ordinary, profit-motivated cyberattackers. That’s where the concept of cyber resilience comes in.

What does cyber resilience look like?

“Being [cyber] resilient – knowing that even if you’re knocked offline you can recover quickly – is essential for today’s businesses,” George says.

The reality is that today’s organizations have to accept a breach is pretty much inevitable. Their level of cyber resilience is the measure of the organization’s ability to keep the business running and get back to normal quickly. “It’s being able to absorb punches and get back on your feet, no matter what threatens,” as George put it in a recent podcast with Joe Panettieri, co-founder MSSP Alert & ChannelE2E.

Read more about how businesses can build a cyber resilient company culture.

How can businesses and MSPs achieve cyber resilience?

Because cyber resilience is about both defending against attacks and preparing for their inescapability,  a major component in a strong resilience strategy is the breadth of coverage a business has. In particular, having tested and proven backup and disaster recovery solutions in place is the first step in surviving a breach. If a business has reliable, real-time (or near real-time) recovery capabilities, then in the event of an attack, they could make it through barely skipping a beat.

Now, George has clarified that “no single solution can offer complete immunity against cyberattacks on its own.” To reduce the risk of events like data loss from accidental deletion, device theft or hardware failure, your clients need multiple layers of protection that secure their devices and data from multiple angles. Here are George’s top data protection tips:

Ultimately, George says ensuring business continuity for MSPs and the businesses they serve through comprehensive cyber resilience solutions is the primary goal of the Carbonite + Webroot division of OpenText.

“We want to up the advocacy and stop attacks from happening as much as we possibly can.  At  the  same time, when they inevitably do happen, we want to be able to help MSPs recover and limit lost time, reputation damage, and financial impact so businesses can keep functioning.”

To learn more about cyber resilience, click here.

MSP Insight: Netstar Shares Cyber Resilience Strategies for Remote Work

Guest blog by Mit Patel, Managing Director of London based IT Support company, Netstar.

In this article, Webroot sits down with Mit Patel, Managing Director of London-based MSP partner, Netstar, to discuss the topic of remote work during a pandemic and tips to stay cyber resilient.

Why is it important to be cyber resilient, specifically when working remote?

It’s always important to be cyber resilient, but a lot has changed since the start of the COVID-19 lockdown that needs to be taken into consideration.

Remote work has posed new problems for businesses when it comes to keeping data secure. Since the start of lockdown, there has been a significant increase in phishing scams, ransomware attacks and malicious activity. Scammers now have more time to innovate and are using the widespread anxiety of coronavirus to target vulnerable people and businesses.

Moreover, the sudden shift in working practices makes the pandemic a prime time for cyber-attacks. Employees can no longer lean over to ask a colleague if they are unsure about the legitimacy of an email or web page. Instead, they need to be confident in their ability to spot and avoid potential security breaches without assistance.

Remote work represents a significant change that can’t be ignored when it comes to the security of your business. Instead, businesses need to be extra vigilant and prioritise their cyber resilience.

What does cyber resilience mean to you?

It’s important to differentiate between cyber resilience and cyber security. Cyber security is a component of cyber resilience, referring to the technologies and processes designed to prevent cyber-attacks. Whereas, I believe cyber resilience goes a step further, referring to the ability to prevent, manage and respond to cyber threats. Cyber resilience recognises that breaches can and do happen, finding effective solutions that mean businesses recover quickly and maintain functionality. The main components of cyber resilience include, training, blocking, protecting, backing up and recovering. When all these components are optimised, your cyber resilience will be strong, and your business will be protected and prepared for any potential cyber threats.

Can you share some proactive methods for staying cyber resilient when working remote?

Absolutely. But it’s important to note that no solution is 100% safe and that a layered approach to IT security is necessary to maximise protection and futureproof your business.

Get the right antivirus software. Standard antivirus software often isn’t enough to fully protect against viruses. Businesses need to consider more meticulous and comprehensive methods. One of our clients, a licensed insolvency practitioner, emphasized their need for software that will ensure data is protected and cyber security is maximised. As such, we implemented Webroot SecureAnywhere AnitVirus, receiving excellent client feedback, whereby the client stressed that they can now operate safe in the knowledge that their data is secure.

Protect your network. DNS Protection is a critical layer for your cyber resilience strategy. DNS will protect you against threats such as malicious links, hacked legitimate websites, phishing attacks, CryptoLocker and other ransomware attacks. We have implemented DNS Protection for many of our clients, including an asset management company that wanted to achieve secure networks with remote working capability. In light of the current remote working situation, DNS Protection should be a key consideration for any financial business looking to enhance their cyber resilience.

Ensure that you have a strong password policy. Keeping your passwords safe is fundamental for effective cyber resilience, but it may not be as simple as you think. Start by making sure that you and your team know what constitutes a strong password. At Netstar, we recommend having a password that:

  • Is over 10 characters long
  • Contains a combination of numbers, letters and symbols
  • Is unpredictable with no identifiable words (even if numbers or symbols are substituted for letters)

You should also have different passwords for different logins, so that if your security is compromised for any reason, hackers can only access one platform. To fully optimise your password policy, you need to consider multi-factor authentication. Multi-factor authentication goes a step further than the traditional username-password login. It requires multiple forms of identification in order to access a certain email account, website, CRM etc. This will include at least two of the following:

  • Something you know (e.g. a password)
  • Something you have (e.g. an ID badge)
  • Something you are (e.g. a fingerprint)

Ensure that you have secure tools for communication. Collaboration tools, like Microsoft Teams, are essential for remote working. They allow you to communicate with individuals, within teams and company-wide via audio calls, video calls and chat.

When it comes to cyber resilience, it’s essential that your team know what is expected of them. You should utilise collaboration tools to outline clear remote working guidance to all employees. For example, we would recommend discouraging employees from using personal devices for work purposes. The antivirus software installed on these devices is unlikely to be of the same quality as the software installed on work devices, so it could put your business at risk.

Furthermore, you need to be confident that your employees can recognise and deal with potential security threats without assistance. Individuals can no longer lean across to ask a colleague if they’re unsure of the legitimacy of something. They need to be able to do this alone. Security awareness training is a great solution for this. It will teach your team about the potential breaches to look out for and how to deal with them. This will cover a range of topics including, email phishing, social media scams, remote working risks and much more. Moreover, courses are often added and updated, meaning that your staff will be up to date with the latest scams and cyber threats.

Implement an effective backup and disaster recovery strategy

Even with every preventive measure in place, things can go wrong, and preparing for disaster is crucial for effective cyber resilience.

In fact, a lot of companies that lose data because of an unexpected disaster go out of business within just two years, which is why implementing an effective backup and disaster recovery strategy is a vital layer for your cyber resilience strategy.

First, we advise storing and backing up data using an online cloud-based system. When files are stored on the cloud, they are accessible from any device at any time. This is particularly important for remote working; it means that employees can collaborate on projects and access necessary information quickly and easily. It also means that, if your device is wiped or you lose your data, you can simply log in to your cloud computing platform and access anything you might need. Thus, data can easily be restored, and you’re protected from potential data loss.

Overall, disaster recovery plans should focus on keeping irreplaceable data safe. Consider what would happen to your data in the event of a disaster. If your office burned down, would you be confident that all your data would be protected?

You should be working with an IT support partner that can devise an effective and efficient disaster recovery plan for your business. This should set out realistic expectations for recovery time and align with your insurance policy to protect any loss of income. Their goal should be to get your business back up and running as quickly as possible, and to a high standard (you don’t want an IT support partner that cuts corners). Lastly, your IT support provider should regularly test your strategy, making sure that if disaster did occur, they could quickly and effectively restore the functionality of your business.

What else should fellow MSPs keep in mind during this trying time?

In the last four years, cyber resilience has become increasingly important; there are so many more threats out there, and so much valuable information that needs protecting.

We have happy clients because their machines run quickly, they experience less IT downtime, and they rarely encounter viruses or malicious activity. We know that we need to fix customers’ problems quickly, while also ensuring that problems don’t happen in the first place. Innovation is incredibly important to us, which is why we’ve placed a real focus on proactive client advisory over the last 24 months.

That’s where a strong cyber resilience strategy comes into play. MSPs need to be able to manage day-to-day IT queries, while also focusing on how technology can help their clients grow and succeed in the future.There is plenty of advice around the nuts and bolts of IT but it’s the advisory that gives clients the most value. As such, MSPs should ensure they think like a customer and make technological suggestions that facilitate overall business success for their clients.