Business + Partners

Unexpected Side Effects: How COVID-19 Affected our Click Habits

Phishing has been around for ages and continues to be one of the most common threats that businesses and home users face today. But it’s not like we haven’t all been hearing about the dangers of phishing for years. So why do people still click? That’s what we wanted...

Key Considerations When Selecting a Web Classification Vendor

Since launching our web classification service in 2006, we’ve seen tremendous interest in our threat and web classification services, along with an evolution of the types and sizes of cybersecurity vendors and service providers looking to integrate this type of...

4 Ways MSPs Can Fine-Tune Their Cybersecurity Go-To-Market Strategy

Today’s work-from-home environment has created an abundance of opportunities for offering new cybersecurity services in addition to your existing business. With cyberattacks increasing in frequency and sophistication, business owners and managers need protection now...

Ransomware: The Bread and Butter of Cybercriminals

Imagine a thief walks into your home and rummages through your personal belongings. But instead of stealing them, he locks all your valuables into a safe and forces you to pay a ransom for the key to unlock the safe. What choice do you have? Substitute your digital...

Unexpected Side Effects: How COVID-19 Affected our Click Habits

Phishing has been around for ages and continues to be one of the most common threats that businesses and home users face today. But it’s not like we haven’t all been hearing about the dangers of phishing for years. So why do people still click?

That’s what we wanted to find out when we conducted our most recent survey. We checked in with thousands of office workers across seven different countries to get a global perspective on phishing and people’s individual click habits. Then we partnered with Dr. Prashanth Rajivan, assistant professor at the University of Washington, to gain a deeper understanding of phishing and those habits, as well as how things have shifted during COVID-19 in our new report: COVID-19 Clicks: How Phishing Capitalized on a Global Crisis.

In this blog post, we’ve summarized this comprehensive report and included tips for how to stay safe, but we strongly encourage you to check out the full writeup.

Why do people still click?

3 in 10 people worldwide clicked a phishing link in the past year. Among Americans, it’s 1 in 3.

According to Dr. Rajivan, what we need to consider is that human beings aren’t necessarily good at dealing with uncertainty, which is part of why cybercriminals capitalize on upheaval (such as a global pandemic) to launch attacks.

“People aren’t great at handling uncertainty. Even those of us who know we shouldn’t click on emails from unknown senders may feel uncertain and click anyway. That’s because we’ve likely all clicked these kinds of emails in the past and gotten a positive reward. The probability of long-term risk vs. short-term reward, coupled with uncertainty, is a recipe for poor decision-making, or, in this case, clicking what you shouldn’t.”

– Prashanth Rajivan, Ph.D.

Tip # 1

  • For businesses: Ensure workers have clear distinctions between work and personal time, devices, and obligations. This helps reduce the amount of uncertainty that can ultimately lead to phishing-related breaches.
  • For individuals: Hackers often exploit security holes in older software versions and operating systems. Update software and systems regularly to help shut the door on malware.

Has phishing increased since COVID-19 began

At least one in five people have received a phishing email related to COVID-19.

There’s no doubt that the global COVID-19 pandemic has changed a lot about how we live and work. According to our survey, 54% of workers spend more time working from home than they did before the pandemic. With more people connecting to the internet outside of corporate networks and away from the watchful eyes of IT teams, it’s to be expected that cybercriminals would take advantage.

“[We’ve seen] massive spikes […] in phishing URLs targeting COVID-related topics. For example, with more people spending time at home, use of streaming services has gone up. In March alone, we saw a 3000% increase in phishing URLs with ‘youtube’ in the name.

– Grayson Milbourne, security intelligence director, Carbonite + Webroot, OpenText Companies

Regardless, the majority of people surveyed still think they are at least the same level of prepared or more prepared to spot phishing email attempts, now that they’ve spent more time working from home

“People are taking increased physical safety measures in the pandemic, including mask wearing, social distancing, more frequent hand-washing, etc. I think this heightened level of precaution and awareness could cause people to slightly overestimate their overall safety, including their safety regarding online threats.”

– Prashanth Rajivan, Ph.D.

Tip #2

  • For businesses: Know your risk factors and over prepare. Once you’ve assessed the risks, you can create a stronger data breach response plan.
  • For individuals: Stay on your toes. By being vigilant and maintaining a healthy dose of suspicion about all links and attachments in messages, you can significantly decrease your phishing risk.

People say they know better. Do they really?

81% of people say they take steps to determine if an email message is malicious. Yet 76% open emails and click links from unknown senders.

When we asked Dr. Rajivan why these numbers don’t line up, he said the difference is between knowing what you should do and actually doing it

“There are huge differences between knowing what to do and actually operationalizing that knowledge in appropriate scenarios. I suspect many people don’t really take the actions they reported, at least not on a regular basis, when they receive suspicious emails.”

– Prashanth Rajivan, Ph.D.

Tip #3

  • For businesses: Back up data and ensure employees can access and retrieve data no matter where they are. Accidents happen; what matters most is being able to recover quickly and effectively. Don’t forget to back up collaboration tools too, such as Microsoft® Teams and the Microsoft® 365 suite.
  • For individuals: Make sure important data and files are backed up to secure cloud storage or an external hard drive. In the case of a hard drive, make sure it’s only connected while backing up, so you don’t risk backing up infected or encrypted files. If it’s a cloud back up, use the kind that lets you to restore to a specific file version or point in time.

What’s the way forward?

All over the world, workers say that in order to be better prepared to handle cyberattacks, they need more education.

According to global respondents, more knowledge and better understanding is key for stronger cyber resilience. The top three things people everywhere said would help them better prepare themselves to handle cyber threats like phishing were: knowing which tools could help prevent an attack, knowing what to do if you fall victim to an attack, and understanding the most common types of attacks.

Dr. Rajivan points out that, if businesses are asking individuals to make changes to their own behavior for the greater safety of all, then they need to make it clear they are willing to invest in their people.

“By creating a feeling of personal investment in the individuals who make up a company, you encourage the employees to return that feeling of investment toward their workplace. That’s a huge part of ensuring that cybersecurity is part of the culture. Additionally, if we want to enable employees to assess risk properly, we need to cut down on uncertainty and blurring of context lines. That means both educating employees and ensuring we take steps to minimize the ways in which work and personal life get intertwined.”

– Prashanth Rajivan, Ph.D.

Tip #4

  • For businesses: Invest in your people. Empower your people with regular training to help them successfully avoid scams and exercise appropriate caution online.
  • For individuals: Educate yourself. Even if your company provides training, Dr. Rajivan recommends we all subscribe to cybersecurity-related content in the form of podcasts, social media, blogs, and reputable information sources to help keep strong, cyber resilient behavior top-of-mind.

Want more details on click habits and shifting risks during COVID-19?
Read our full report, COVID-19 Clicks: How Phishing Capitalized on a Global Crisis, to start building out your cybersecurity education today. And be sure to check back here on the Webroot blog for the latest in news in phishing prevention.          

Key Considerations When Selecting a Web Classification Vendor

Since launching our web classification service in 2006, we’ve seen tremendous interest in our threat and web classification services, along with an evolution of the types and sizes of cybersecurity vendors and service providers looking to integrate this type of curated data into their product or service. Over the years, we’ve had the good fortune to work with partners of all sizes, from global networking and security vendors to innovative and dynamic start-ups across the world.

With the end-of-life of Broadcom’s Symantec RuleSpace OEM Web Classification service, we’ve received numerous inquiries from their former customers evaluating alternative solutions. Here we’ll outline the things to consider in a replacement. For more on why Webroot is poised to fill the gap left by the Broadcom, you can read the complete whitepaper here.

Your use case: how well does it align with the vendor?

Each use case is unique. Every vendor or service provider brings its own benefit to market and has its own idea about how their service or solution adds value for customers, clients or prospects. That’s why our adaptive business model focuses on consulting with partners on technical implementation options, spending the time to understand each business and how it may benefit from a well-architected integration of classification and/or intelligence services.

Longevity and track record

A key factor influencing change on the internet is innovation. Every service provider is continuously enhancing and improving its services to keep pace with changes in the threat landscape, and with general changes to the internet itself. As well as keeping up with this change, it’s important that a vendor brings a historical perspective to the partnership. This experience will come in handy in many ways. Scalability, reliability and overall business resilience should be expected from a well-established vendor.

Industry recognition

Fair comparative evaluations of web classification and threat intelligence providers are difficult to achieve. We can offer guidance to prospective partners, but it’s often more reassuring to simply see the strong partner relationships we have today. Many of these we’ve worked with for well over a decade. When evaluating a vendor, we recommend looking closely at current partners and imagining the investments each have made in their integrated solutions. This speaks volumes about integration performance and the quality of the partnership.

Technology platform

A classification or threat dataset is only as good its sources and the analytics used to parse it. Many companies offer classification and/or threat intelligence data, but the quality of that data varies significantly.

Threat Intelligence Capabilities

Not all our partners’ use cases require threat intelligence, but for those that do it’s critical they understand where their threat data comes from. There are now a great many sources of threat data, but again these are far from equal. Worse still, comparing source is often no simple task.

Ease of integration

As mentioned, every use case is unique. So are the platforms into which web classification, malware detection and threat intelligence services are integrated. It’s therefore crucial that a vendor provide flexible integration options to accommodate any pioneering partner, service provider or systems integrator. Simply providing data via an API is useful, but will it always deliver the performance required for real-time applications?  Delivering a local database of threats or classifications may help with performance, but what about new threats? Achieving a balance of flexible delivery, performance and security is crucial, so take time to discuss with potential vendors how they plan to deliver.

Phishing detection

Phishing sites are some of the most dynamic and short-lived attack platforms on the web, so intelligence sources must be capable of detecting and tracking them in real-time. Most phishing intelligence sources depend on manual submissions of phishing sites by end users. This is far from ideal. Users are prone to error, and for every 10,000 users who click on a phishing site only one will report it to an authority or tracking service, leading to massive under-reporting of this threat vector.

Category coverage: beware category overload

There are various approaches to classifying the web and different vendors specialize in different areas. In many cases, this is determined by the data sources they have access to or the markets in which they operate. Again, it’s important to evaluate the partners to whom the vendor is delivering services and to consider how the vendor may or may not add value to the partnership. 

Efficacy and performance

Efficacy is fundamental to web classification or threat detection capabilities, so it should be a core criterion when evaluating a vendor. Depending on the use case, false positives or false negatives may be the primary concern when making determinations. Potential vendors should be evaluated for performance in these areas and asked how they approach continuous improvement.

Reliability

Building any third-party service or solution into a product, platform or service entails risk. There’s always the chance the new dependency negatively affects the performance or user experience of a service. So it’s importance to ensure a vendor can reliably deliver consistent performance. Examine each’s track record and customers base, along with the use cases they’ve previously implemented. Do the vendor’s claims match the available evidence? Can current customers be contacted about their experiences with the vendor?

Scalability

In assessing vendors, it can be difficult to determine the level of scalability possible with their platform. It helps to ask questions about how they build and operate their services and looking for examples where they’ve responded to unexpected growth events that can help demonstrate the scaling capabilities of their platform. Be wary of smaller or upstart vendors that may have difficulty when their platform is heavily loaded or when called upon to grow faster than their existing implementation allows.

Flexibility

Some solutions may look technically sound, easily accessible and well-documented while a mutually agreeable business model remains elusive. Conversely, an agreeable business model may not be backed by the efficacy or quality of service that desired from a chosen vendor.

Feedback loops: making the best better

We’re often approached by contacts asking us for a “feed” of some kind. It may be a feed of threat data, malware information or classifications. In fact, many of our competitors simply push data for customers or partners to consume as their “product.” But this approach has inherent weaknesses.

Partnership: not just a customer relationship

As mentioned, we seek to build strong partnerships with mutual long-term benefit. Look for this approach when considering a vendor, knowing you’ll likely be working with them for a long time and fewer changes to your vendor lineup mean more time optimizing your products and services. Ask yourself: Who will we be working with? Do we trust them? How easy are they to get ahold of? These are critical considerations when selecting a vendor for your business.

Summary

We hope to have provided some food for thought when it comes to selecting an integration partner. To read the full whitepaper version of this blog, please click here. We’re always standing by to discuss prospective clients’ needs and to provide any possible guidance regarding our services. We’re here to help you craft the best possible solutions and services. Please contact us to take the next step towards an even more successful

4 Ways MSPs Can Fine-Tune Their Cybersecurity Go-To-Market Strategy

Today’s work-from-home environment has created an abundance of opportunities for offering new cybersecurity services in addition to your existing business. With cyberattacks increasing in frequency and sophistication, business owners and managers need protection now more than ever.

MSPs are ideally positioned to deliver the solutions businesses need in order to adapt to the current environment. In this post, we’ll briefly summarize four ways to fine-tune your cybersecurity GTM strategy for capitalizing on the shifting demands of today’s market.

1. Build an Offering That Aligns with Your Customer’s Level of Cyber Resilience

A cybersecurity GTM strategy is not a one-size-fits-all proposition. Each customer has unique needs. Some operate with higher levels of remote workers than others. Some may have more sensitive data than others. And some will have lower tolerances to the financial impact of a data breach than others. So, understand the current state of your customer’s ability to adequately protect against, prevent, detect and respond to modern cyberthreats, and then focus on what aspects of cybersecurity are important to them.

2.  Leverage Multi-Layered Security

Today’s businesses need a cybersecurity strategy that defends against the methods and vectors of attack employed by today’s cybercriminals. This includes highly deceptive and effective tactics like Ransomware, phishing and business email compromise (BEC). These methods require a layered approach, where each layer addresses a different vulnerability within the larger network topology:

  • Perimeter – This is the logical edge of your customer’s network where potentially malicious data may enter or exit. Endpoints (wherever they reside), network connectivity points, as well as email and web traffic all represent areas that may need to be secured.
  • User – The employee plays a role when they interact with potentially malicious content. They can either be an unwitting victim or actually play a role in stopping attacks. This makes it necessary to address the user as part of your GTM strategy.
  • Endpoint – Consider the entire range of networked devices, including corporate and personal devices, laptops, tablets and mobile phones. Every endpoint needs to be protected.
  • Identity – Ensuring the person using a credential is the credential owner is another way to keep customers secure. 
  • Privilege – Limiting elevated access to corporate resources helps reduce the threat surface.
  • Applications – These are used to access information and valuable data. So, monitoring their use by those with more sensitive access is critical.
  • Data – inevitably, it’s the data that is the target. Monitoring who accesses what provides additional visibility into whether an environment is secure.

For each layer, there’s a specific tactic or vector that can form the basis of an attack, as well as specific solutions that address vulnerabilities at that layer.

3. Determine the Right Pricing Model

Pricing can make or break a managed service. Too high and the customer is turned off. Too low and there’s not enough perceived value. Pricing is the Goldilocks of the MSP world. It needs to be just right.

Unlike most of your other services, cybersecurity is a constantly moving target, which can make pricing a challenge. After all, a predictable service offering equates to a profitable one. The unpredictability of trying to keep your customers secure can therefore impact profitability. So, it’s imperative that you get pricing correct. Your pricing model needs to address a few things:

  • It needs to be easy to understand – Like your other services, pricing should be straightforward.
  • It should demonstrate value – The customer needs to see how the service justifies the expense.
  • It needs to focus on protection – Because you have no ability to guess the scope and frequency of attacks, it’s important to keep the services centered around preventive measures.
  • Consider all your costs – Cost is always a factor for profitability. As you determine pricing, keep every cost factor in mind.

4. Rethink How You Engage Prospects

Assuming you’re going to be looking for new customers with this service offering (in addition to selling it to existing customers), it’s important to think about how to engage prospects. The days of cold outreach are long gone as 90% of buyers don’t respond to cold calls3. Instead, today’s buyer is looking to establish connections with those they believe can assist their business. Social media sites have become the primary vehicle for a number of aspects of the buyer’s journey:

Build a Cybersecurity GTM Strategy that Works

The biggest challenge with bringing a cybersecurity service to market is meeting the expectations of the prospective customer. Demonstrate value from the very first touch through social media engagement and content. Meet their unique needs with comprehensive solutions that address all their security vulnerabilities. And finally, make sure your pricing is simple, straightforward and easy to understand.

Ransomware: The Bread and Butter of Cybercriminals

Imagine a thief walks into your home and rummages through your personal belongings. But instead of stealing them, he locks all your valuables into a safe and forces you to pay a ransom for the key to unlock the safe. What choice do you have?

Substitute your digital space for your home and encryption for the safe and you have what’s known as ransomware. Ransomware is a type of malware. After the initial infection, your files are encrypted, and a note appears demanding payment, which is usually in the form of cryptocurrency such as bitcoin because transactions can’t be stopped or reversed. Once your files are encrypted, you can’t access them until you pay the ransom.

The roots of ransomware can be traced back to 1989. The virus, known as PS Cyborg, was spread through diskettes given to attendees of a World Health Organization International AIDS conference. Victims of PS Cyborg were to mail $189 to a P.O. box in Panama to restore access to their data.

Historically, ransomware was mass distributed indiscriminately which happened to be mostly personal machines that ended up getting infected. Today, the big money is in attacking businesses. Most of these infections go unreported because companies don’t want to expose themselves to further attacks or reputational damage.

Criminals know the value of business data and the cost of downtime. Because they service multiple SMB customers simultaneously, managed service providers (MSPs) are now an especially attractive target. A successful attack on an MSP magnifies the impact of attacks and the value of the ransom.

Primary ransomware attack vectors – with more detailed descriptions below – include:

  • Phishing
  • Cryptoworms
  • Polymorphic malware
  • Ransomware as a Service (RaaS)
  • Targeted attacks

Want more on ransomware and how it’s advancing? Click here for a new Community post.

Phishing: Still the No. 1 Ransomware threat

Ninety percent of all Ransomware infections are delivered through email.  The most common way to receive ransomware from phishing is from a Microsoft Office attachment. Once opened the victim is asked to enable macros. This is the trick. If the user clicks to enable the macro, then ransomware will be deployed to the machine. Phishing remains a significant and persistent threat to businesses and individuals. The Webroot 2020 Threat Report showed a 640% increase in the number of active phishing sites since 2019.

Cryptoworms

Cryptoworms are a form of ransomware that able to gain a foothold in an environment by moving laterally throughout the network to infect all other computers for maximum reach and impact. The most spectacular incarnation of a cryptoworm was WannaCry in 2017, where more than 200,000 computers were affected in 150 countries causing hundreds of millions in damages.

Polymorphic malware

One of the more notorious forms of ransomware circulating today is polymorphic malware, which makes small changes to its signature for each payload dropped on machine – effectively making it a brand new, never before seen file. Its ability to morph into a new signature enables it to evade many virus detection methodologies. Studies show that 95% of malware is now unique to a single PC. This is largely due to the shape-shifting abilities of polymorphic malware code. Today, nearly all ransomware is polymorphic, making it more difficult to detect with signature-based, antivirus technologies.

Ransomware as a Service (RaaS)

Ransomware has become so lucrative and popular that it’s now available as a “starter kit” on the dark web. This allows novice cybercriminals to build automated campaigns. Many of these kits are available free of charge for the payload, but criminals owe a cut (around 30% but this can vary based on how many people you infect) to the author for a ransom payment using their payload. Grandcab, also known as Sodinokibi, was perhaps the most famous to use this tactic.

Targeted attacks

Cybercriminals are moving away from mass distribution in favor of highly focused, targeted attacks. These attacks are typically carried out by using tools to automatically scan the internet for weak IT systems. They are usually opportunistic, thanks to the vulnerability scanners used. Targeted attacks often work by attacking computers with open RDP ports. Common targets include businesses with lots of computers but not a lot of IT staff or budget. This usually means education, government municipality, and health sectors are the most vulnerable.

Stay cyber resilient with multi-layered defense

As you can see, ransomware authors have a full quiver of options when it comes to launching attacks. The good news is, there are as many solutions for defending systems against them. The best way to secure your data and your business is to use a multi-layered cyber resilience strategy, also known as defense in depth. This approach uses multiple layers of security to protect the system. We encourage businesses of all sizes to deploy a defense-in-depth strategy to secure business data from ransomware and other common causes of data loss and downtime. Here’s what that looks like.

Backup

Backup with point-in-time restore gives you multiple recovery points to choose from. It lets you roll back to a prior state before the ransomware virus began corrupting the system.

Advanced threat intelligence

Antivirus protection is still the first line of defense. Threat intelligence, identification and mitigation in the form of antivirus is still essential for preventing known threats from penetrating your system.

Security awareness training

Your biggest vulnerability is your people. Employees need to be trained on how to spot suspicious emails and what to do in case they suspect an email is malicious. According our research, regular user training can reduce malware clickthrough rates by 220%.

Patch and update applications

Cybercriminals are experts at identifying and exploiting security vulnerabilities. Failing to install necessary security patches and update to the latest version of applications and operating systems can leave your system exposed to an attack.

Disable what you’re not using

Disable macros for most of the organization as only a small percentage will need them. This can be done by user or at the group policy level in the registry. Similarly, disabling scripts like HTA, VBA, Java, and Powershell will also stop these powerful tools that criminals use to sneak infections into an environment.

Ransomware mitigation

Make sure your IT staff and employees know what to do when a ransomware virus penetrates your system. The affected device should immediately be taken offline. If it’s a networked device, the entire network should be taken down to prevent the spread of the infection.

Want to learn more about how to protect your business or clients from ransomware? Here are five actionable tips for better defending against these attacks.

10 Ways a Commercial DNS Filtering Service Improves Your Cyber Resilience

If you’ve landed on this blog, then there’s a good chance you’re already aware that DNS is undergoing a major overhaul. DNS 2.0—aka encrypted DNS, DNS over HTTPS, or DoH—is a method for encrypting DNS requests with the same HTTPS standard used by numerous websites, such as online banking, to protect your privacy when dealing with sensitive information display.

While there’s no doubt that DoH offers incredible privacy benefits, it also has the potential to be a major security risk for businesses. That’s because DoH effectively wraps DNS requests in encryption protocols, which prevent traditional DNS or web filtering security solutions from being able to filter requests to malicious, risky, or otherwise unacceptable or inappropriate websites.

Although some DNS filtering solutions are now making moves to modernize, many of them simply provide the option to either allow or block all DoH requests, rather than offering any sort of nuanced control.

“That’s really where Webroot® DNS Protection differs from the competition,” says George Anderson, product marketing director at Webroot, an OpenText company. “Ours is currently the only DNS security product that lets businesses fully leverage DoH and its privacy benefits. Our solution encrypts data using HTTPS to route DNS requests through secure Webroot resolvers to prevent eavesdropping, manipulation, or exploitation of data.”

How a Commercial DNS Filtering Service is a Game Changer

According to George, the cyber resilience benefits of using a private, commercial DNS security service that fully supports DoH are numerous. When we asked him to narrow down to his top 10, here’s what he had to say.

  1. First, it provides a very secure, reliable, multi-point of presence connection to the internet with high availability.
  2. Second, trusted DNS resolvers process ALL of your internet requests—we are talking any user, server, or application using the internet with a single, tamperproof choke point for admin and policy request controls.
  3. Third is confidentiality. It keeps your organization’s internet requests private and invisible to malicious actors, your ISP, and so-called “free” DNS resolvers—all of whom can abuse this data.
  4. It then gives your organization full visibility and log access to all of your internet traffic requests, allowing for security analysis and management through reports or ingestion via a SIM/SIEM.
  5. With Webroot, you also get transparent security policy filtering of both encrypted (DoH) and clear text (DNS) requests.
  6. Webroot BrightCloud® threat intelligence data automatically applies the latest and most accurate internet domain security in real time to every outbound request, regardless of source, meaning we stop the majority of malicious and suspicious request responses that could have led to a breach.
  7. A commercial service also provides the flexibility to manage internet access for guest/public WiFi networks, IP address ranges, user groups down to individual user, and lets you filter using a wide range of domain categories.
  8. In the context of WFH, if the user is connected to the internet via VPN or a local DNS agent on their device, then a DNS filtering solution protects them no matter where they connect.
  9. Also, from a WFH perspective, you need your DNS security service to integrate with the majority of VPNs and work easily with your other security and network technologies.
  10. Lastly, and definitely key your organization, a commercial DNS security service can offer great visibility into internet usage with scheduled executive reporting that lets you oversee internet use, assist with HR initiatives, and help ensure compliance.

As DoH continues to grow in adoption, George advises all businesses to be proactive about their cyber resilience strategies. Particularly as more work is conducted outside of more traditional office settings, it’s critical to understand and embrace the value that a flexible cloud gateway—whose protection is not confined to a physical network—can offer.

“Ultimately, in a world where many companies continue to support remote workers, businesses really can’t afford not to use a filtering solution that provides both privacy and security control.”

– George Anderson, product marketing director at Webroot, an OpenText company

Learn more about Webroot’s answer to DNS filtering or take a free trial of Webroot DNS Protection here.

Company Culture and Cyber Resilience by the Numbers

There’s no doubt we’ve all had to change our work habits as a result of the global coronavirus pandemic. Companies have had to adapt rapidly to smooth the transition to work from home. But companies will have to do more than adapt if they’re going to make cyber resilience a long-term priority going forward. As the edge of the network expands to include thousands of home networks and devices, it’s going to fall on leadership to establish a culture of cyber resilience, so employees internalize cyber security best practices instinctively.

What is a cyber resilient culture?

We asked Principal Product Manager Philipp Karcher what a cyber resilient culture is and what it takes to establish one at an organization. He said a culture of cyber resilience recognizes that everyone – not just IT – has role in cyber security. Karcher defines cyber resilience as the application of the same principles of IT resiliency so that employees:

Business benefits of security training

When businesses internalize this culture, they’re better prepared, better able to respond and better positioned to experience growth, Karcher says. Asking employees to devote time and effort toward security awareness is an investment in the future of the business.

On the other hand, businesses that don’t actively work toward a culture of cyber resilience are more vulnerable to cyberattack. Their employees are more likely to practice poor password hygiene, click on something they shouldn’t and make other mistakes, like misconfiguring access rights or accidentally sending someone the wrong file.

Cyber Resilience training delivers results

While IT resilience focuses on hardening data and applications, your overall cyber resilience as an organization depends equally on making users resilient. This should include a program of training and communication on security issues employees need to be aware of and education on how to properly respond to incidents.

We believe that when you look at the results of Webroot’s training program, it’s no wonder why it was recognized as a Strong Performer in The Forrester Wave™: Security Awareness and Training Solutions, Q1 2020. According to data from the Webroot Threat Research team:

Webroot also partnered with leading cybersecurity education content provider, NINJIO, to deliver engaging three-to-four-minute Hollywood-style micro-learning videos that feature updated COVID-19 content and encourage cyber resilient behavior, like identifying phishing emails and malicious URLs. 

In addition to regular employee training, Karcher says businesses should publish regular communications on security topics in the form of emails, internal social media, posters and videos. Examples include coverage of real-world threats they need to defend against in their work and personal lives, and industry news about other businesses that were adversely affected by attacks.

Cyber resilience can only become a part of culture through sustained, long term engagement – not just annual check-box training.

Interested in implementing a culture of cyber resilience? Take the first step here.

Hack, Crash, Storm, Spill: Pick Your Poison

Don’t expect cybercriminals to go easy during a hurricane. Quite the opposite, in fact. Just like they’ve used the coronavirus pandemic to launch COVID-related malware scams, hackers will capitalize on the names and news coverage of hurricanes to disguise attacks. That’s why now is a good time to review your cyber security posture and your overall cyber resilience strategy. We talked with Carbonite VP of Product Management Jamie Zajac about how to anticipate the types of adverse events that catch a lot of people and businesses off guard. With the right protection in place, you can maintain access to data during a hurricane – and all year round. You can start by knowing what to expect.

Get woke to data loss

When most people think of data loss, they think major disasters, like headline-generating storms and floods. Of course, it’s important to anticipate highly impactful outages. But these are far more rare than other causes of data loss. “It’s everyday scenarios that are really common. Like leaving a laptop on an airplane, dropping a phone in the river, or accidentally deleting a folder and having the recycle bin policies expire,” Zajac says.

Another cause of data loss is hardware failure. “Hardware has become more reliable,” Zajac says, “but you never know when a hard drive will fail, a computer will be dropped or a motherboard will crash.”

Since hardware has a finite lifespan, failure is inevitable. When you’re considering how to protect devices that store important data, Zajac recommends looking for a few key features:

  • Continuous backup (so you’re capturing changes as you make them)
  • Online file recovery (so you don’t have to wait to buy a new computer)
  • Cloud failover for critical servers or disaster recovery as a service (DRaaS)

An ounce of prevention

Whether it’s a lack of awareness, the complexity of systems or the perceived difficulty of deploying protection, too many people and businesses fail to protect themselves ahead of time. “We often don’t think to make cyber security and data protection a priority until it’s too late,” Zajac says. “For consumers and business alike, we see a ton of inquiries about how to get data off a hard drive that wasn’t backed up. That is way more time-consuming, expensive, error-prone and ineffective than having a full cyber resilience and protection plan in place.”

“It’s never worth the risk of being hacked,” Zajac says. “I’ve seen businesses struggle and even close when they lose data, or their brands suffer because hackers have stolen their data. As compliance requirements and privacy requirements evolve, more and more small businesses face these risks.”

Hurricane checklist

Hurricane season is prime time for system outages. But it’s also a useful reminder to prepare for the unexpected. Here are three key steps you can take to form a strategy for dealing with annually occurring threats, according to Zajac.

  1. Anticipate your office being unavailable – Like the physical disruptions we’ve experienced with the COVID-19 pandemic, anticipate IT infrastructure becoming unavailable. Can you run systems in the cloud? Can you access a cloud backup quickly? DRaaS is a great solution for businesses susceptible to hurricanes.
  2. Back up everything, not just some things – Many people realize too late that they only chose to back up critical systems, and that one of those “second-tier” systems is also necessary to run the business. It’s better to have everything backed up than to be missing something. You can often save costs by tiering your backups or having different recovery objectives for different systems. But don’t skip backing up some systems.
  3. Test your backups – Know whether you can recover systems within the time required.

When it comes to hurricanes and weather-related risks, specific security-related concerns should also be considered. “It’s important to train people on the protocols for when they need to work remotely,” Zajac says. “Generally speaking, you should be training users on security best practices, whether they are remote or in the office. But people are more distracted and thus susceptible to phishing and social engineering when they are remote.”

If people need to work from cloud workstations, personal devices or laptops, make sure they have a security suite, such as cloud-based anti-virus and anti-phishing protection. Make sure you have security software that doesn’t require people to be in the office. For example, if you are relying on your firewall to block malicious websites, it won’t help employees who are off the network. Use DNS protection with roaming device security for these scenarios.

An all-of-the-above approach

Murphy’s Law dictates that you’ll probably experience the data breach you’re not prepared for. Any form of data loss can have bad effects. So, if you’re too narrowly focused on just one threat, consider all the potential adverse events you could experience.

“Hackers are a constant threat and can have really big impacts in terms of data loss, productivity loss, compliance requirements, regulatory fines, brand damage and more,” Zajac says. “A coffee spill is a constant threat,” she warns, “but the damage is typically isolated. You still don’t want to rely on someone re-creating all of your work if a coffee spill or other localized damage even occurs, especially if it is the CEO’s laptop.” Zajac continues, “A hurricane is a rare and often well-predicted event, but the impact can be catastrophic. You can’t wait for a hurricane to build a plan.”

The good news is that a competent IT consultant can help you build a strategy, and a good vendor can protect you against many of these adverse events in one fell swoop.

Setting expectations

There’s no backup without recovery. But how do you know if your recovery process is sufficient? It should align with the objectives you establish before disaster strikes.

“On an endpoint, you can typically get very fast file backup and recovery so that you only lose minutes of data and all files are available online in a web interface for fast access,” Zajac says. “For servers, you need to tier systems into mission-critical applications and use a very low RPO solution, such as DRaaS. Non-mission critical infrastructure can withstand a few hours or days to get running again.” Zajac suggests doing an impact analysis. If a given system is offline, how much will it cost your business?

Cloud considerations

It’s not just devices that are worth protecting. Today, both personal and business users leverage the public cloud, like Microsoft 365 and Azure, for much of their storage and computing needs. A lot of people make the mistake of thinking cloud data is protected by the vendor. But this is not the case.

“Microsoft cannot tell the difference between accidental data loss and legitimate file deletions because the content is no longer relevant. It’s up to users and company admins to make this determination,” Zajac says. “Microsoft 365 credential attacks are on the rise. It’s only a matter of time before someone creates or spreads ransomware to Microsoft 365 native data. That won’t be a good day for anyone who doesn’t have a backup in place.”

Next steps

Never let a good catastrophe, or the threat of one, go to waste. Use this hurricane season to make sure you have a robust cyber security and resilience plan. And not just for hurricanes, but for all the ways you can lose access to data.

Bouncing Back from the Pandemic A Step-By-Step Guide for MSPs

To try to fight the isolation and uncertainty brought on by the COVID-19 outbreak, a few weeks ago we began what we’re referring to as “Office Hours” on the Webroot Community. It’s meant to be a forum where users can come together and pose their COVID/cybersecurity-related questions to some of our experts, and we try to help however we can.

The quality of questions and value of the dialogue were high right off the bat. It’s proven to be an excellent reminder of the usefulness of the Community in general. Some of the questions were even topical and popular enough to warrant a deep dive.

How can MSPs help their clients bounce back from these challenging times?” is a good example.

As the question suggests, it’s not all bad being an MSP right now. With many employees migrating to remote work, IT services are in high demand. That could explain why, according to a study by the RMM platform Datto, though about 40% of MSPs anticipate cutting revenue projections for the year, 84% still say it’s a good time to be an MSP.

There’s both opportunity and necessity in developing a plan to help small business clients stay afloat in a flagging economy. On the opportunity side, exceptional customer service can be a great way MSPs to stand out in an industry with typically tight margins. On the other hand, if an MSP’s clients’ tank, they will longer be around to need the MSPs services. So, the ability to be an IT advisor for clients’ through tough times is intimately tied to the success of the MSP themselves.

What follows are a few pieces of advice for doing that, but’s important to remember that there’s no stock solution for bouncing back as a business. Every client is unique and so are the pressures applied by the coronavirus and subsequent economic slowdown. But here are some generic tips for being your client’s go-to adviser for weathering the storm.

  1. Set-up a virtual ‘discovery’ meeting to discuss with them what their situation really is? This should be a (perhaps painfully) honest conversation about the state of the business and what obstacles stand on the way of then getting back to “business as usual.”
  2. Devise an agenda based on the services you provide today and the associated costs. Based on the client’s challenges (or strengths) what is affordable what can maybe be minimized? Has the business direction changed at all? Many SMBs may be looking to pivot considering COVID-19.
  3. Aim to be flexible (while remaining profitable) and willing to accommodate the period between their business restarting and establishing a new normal. Ask yourself if taking a slight hit in monthly income or margins is an acceptable sacrifice to make in order to help keep a potentially long-term client afloat?
  4. Next, work with a client to draw up a joint “Recovery Plan” with a timeline for scaling back up the workload and how you can specifically assist with their recovery. This may involve stressing the costliness of a data breach, downtime, and other ways your services help the clients bottom line suffering.
  5. Finally, schedule regular client account reviews (hopefully, you already have some version of these in place) to monitor technology-related pain points and assist with addressing them as reasonably as possible.

Economic recovery for small businesses will undoubtedly entail some tough decisions. But doing everything you can as an MSP to assist with that recovery by being proactive and establishing a common recovery plan will lead to a much stronger business relationship in the future. Not to mention establishing you as a trusted, reasonable business advisor for the life of the relationship. So, take advantage of the opportunity of helping your clients’ bounce back from this pandemic.

The Changing Face of Phishing: How One of the Most Common Attacks is Evolving

Most people are familiar with phishing attacks. After all, they’re one of the most common forms of data breach around.

At their most basic, phishing attacks are attempts to steal confidential information by pretending to be an authorized person or organization. Standard phishing is not targeted. It relies on achieving a few successes out of hundreds or thousands of attempts. But because it’s so cheap to pull off, both in terms of effort invested and cost to conduct, even one person taking the bait make a campaign worth a malicious actor’s time.

But phishing has evolved. “Standard” phishing as we commonly think of it is now only a subsection of tactics carried out to achieve the same end: to swipe confidential information from an unsuspecting target in order to extract something of value.

To better be on guard across the diverse group of tactics that fall under the umbrella of phishing, users should be familiar with the ways these attacks are conducted.

We’ll cover a few here, but to learn more, download the 11 Types of Phishing Attack eBook.

Spear Phishing

If standard phishing is akin to trawling the High Seas to catch users indiscriminately, spear phishers are out for the trophy catch. Where most phishing attacks cast a wide net, hoping to entice as many users as possible to take the bait, spear phishing involves heavy research of pre-defined, high-dollar target—like a CEO, founder, or public persona—often relying on publicly available information for a more convincing ruse. When the target is sizeable enough, the CEO of a large, publicly traded company say, spear phishing is sometimes called ‘whaling.’

Smishing

SMS-enabled phishing uses text messaging to delivering malicious links, often in the form of short codes to obscure the ultimate destination of a link, to ensnare smartphone users in their scams. The term is a portmanteau of SMS and phishing, and it’s an attractive method for cybercriminals because oh the high engagement rates for texts. According to some sources, SMS open rates are around 98% compared to 20% for email. Messages are often are often disguised as sweepstakes winnings, flash sales, coupon codes, and requests for charitable or political contributions.

Business Email Compromise (BEC)

One of the most expensive threats facing businesses today, business email compromise involves a phony email, usually claiming to be someone from within or associated with a target’s company, requesting a payment or purchase be made (often of gift cards). A “confidence game” according to the FBI, BEC attempts are often accompanied by a sense of high urgency to discourage critical thinking. Of the $3.5 billion the FBI estimates businesses lost to cybercrime in 2019, nearly half ($1.7 billion) was blamed on business email compromise.

Search Engine Phishing

In this type of attack, cyber criminals wait for you to come to them. Search engine phishing injects fraudulent sites, often in the form of paid ads, into results for popular search terms. These ads often promise amazing deals, career advancement opportunities, or low interest rates for loans. Remember, if it seems too good to be true, it probably is. Often, the only difference between the scam result and the one you’re looking for is a .com that should be a .org or a .org that should be a .gov. Be on the lookout for strange endings to URLs. It may be just a country-specific domain, but they can also be hiding something more sinister.

Protecting Yourself from Phishing Attacks

Protecting yourself from phishing attacks starts with knowing what’s out there. But while staying vigilant will keep most attackers at bay, no one can be 100% secure on their own. That’s why it’s important to use an antivirus that relies on up to date threat intelligence that can block these threats in real time as they are clicked. Also, it is imperative for businesses to train their users on the types of phishing attacks employees could fall for.

For more types of phishing attacks, real-world examples, and more tips for keeping yourself or your business safe from such attacks, download the 11 Types of Phishing Attack eBook.

There Are Savings to be Had in Cybersecurity. Just Not Where You Might Think.

Prior to the outbreak of the novel coronavirus, Webroot’s annual Threat Report highlighted a 640% increase in active phishing sites on the web. However difficult it may be to believe (or easy, depending on your outlook), things have gotten even worse since.  

From fake anti-malware sites named for the virus (Really. See below.), to phony tracker apps that actually stalk users, to Netflix and Disney+ phishing scams that steal login data by taking advantage of a coronavirus-induced “streaming boom,” cybercriminals are getting crafty with COVID-19.

Threat analysts at Webroot have been tracking the rise in registered domain names with names including “covid,” corona,” and “coronavirus” since the outbreak began, noting that 2 percent of the more than 20 thousand newly registered domains containing those terms are malicious in nature. Files marked malicious that included the word “Zoom” grew more than 2,000 percent.

All these threats have arisen concurrently with an economic downturn that’s brought about fear, uncertainty, and the need to cut costs. Depending on the shape the recovery takes, we could be living with these unfortunate realities for some time. That means cybersecurity spending will inevitably be considered for the chopping block within many organizations. This is a bad idea for the reasons listed above and a great many more.

What’s needed, instead, is a greater investment in cybersecurity. As the World Economic Forum stated in an article entitled “Why cybersecurity matters more than ever during the coronavirus pandemic,” cybercrime flourishes during times of fear and uncertainty. We’re also spending more time online and relying on digital productivity tools as much as ever.

“Pressure will mount on business leaders to take action to cut costs and security spend may be highlighted for reduction,” say’s Webroot Sr. Director of Product Nick Emanuel. “However, the economics here are clear—cybercriminals are not cutting their budgets and are waiting to exploit weaknesses.”

And if organizations decide to preserve their remote workforces in order to promote employee safety and cut facility costs, as many tech companies are already doing, the cybersecurity landscape could be altered permanently.

“With the unprecedented shift from office to work from anywhere, it’s crucial that businesses review their remote working policies for data protection, as well as security, and be prepared for the variety of different work environments,” said Emanuel.

Cybersecurity in a Strange New World

So, what can you do to enhance cybersecurity for your business or clients? Rather than dropping products or sacrificing protection, develop a laser focus on these four principles:

  1. Automation—Companies must consider how AI and machine learning can assist with cybersecurity tasks. Adoption of these technologies is already high, but understanding remains low. When used effectively, they can reduce the need for high-paying, talent-scarce positions, freeing up the talent you do have to think strategically about larger business issues. Automated backup for businesses also reduces workload and guards against data loss, which can be costly in terms of loss productivity and potential fines.
  • Education—Phishing is still the largest single source of data breaches, according to the latest Verizon Data Breach Investigation Report. Again, this is a quick way for malicious actors to install ransomware or to gain access to sensitive information, leading to downtime and fines. Luckily, users can be taught with some reliability to spot phishing attacks. Webroot’s research has found that, with ongoing training with a phishing simulator, click rates for phishing attacks can be reduced by more than 85%.
  • Insurance—Data breaches are existential threats for many small and mid-sized businesses (SMBs). According to IBM, data breaches for organization between 500 and 1,000 cost an average of $2.65 million. Normally, organizations would hedge against such astronomical threats. Cybersecurity shouldn’t be any different. The U.S. Cybersecurity & Infrastructure Security Agency (CISA) recommends cybersecurity insurance both as a means of promoting additional protection in exchange for more coverage and encouraging best practices for better premium rates.
  • Investment—Finally, businesses should invest wisely in their cyber resilience. This can be thought of as a holistic approach to cyber wellness that allows an organization to remain on its feet, even in the face of serious threats. Data security and data protection are essential components of cyber resilience. Data security entails endpoint security, sure, but also DNS filtering and security training for protection at the network and user levels. Data protection entails automated, encrypted backup and recovery for endpoints and servers to defend against ransomware, hardware failure, and device loss or theft. Together, these elements of cyber resilience reduce the likelihood of any one cyber setback being catastrophic for your business or clients.

MSPs and SMBs, rather than cutting costs by sacrificing their cybersecurity, should look to enhance it. While some of these steps may seem aimed at companies in a growth phase, they can actually improve the bottom line over the long run. After all, the costs of preparation pale in comparison to the cost of a breach.

Evasive Scripts: What They Are, and What We’re Doing About Them

“What’s an evasive attack? At a very basic level, it’s exactly what it sounds like; it’s a cyberattack that’s designed to hide from you,” says Grayson Milbourne, Security Intelligence Director at Webroot, an OpenText company.

Based on Grayson’s initial explanation, you can imagine that evasive tactics are pretty common throughout cybercriminal activities. But they’re especially prevalent in the context of scripts. Scripts are pieces of code that can automate processes on a computer system. They have tons of legitimate uses, but, when used maliciously, they can be extremely effective and difficult to detect or block.

With Grayson’s help, we’ll talk you through some of the common script evasion techniques that criminals use.

LolBins

Living off the Land Binaries (“LoLBins”) are applications that a Windows® system already has on it by default. Funny name aside, they’re extremely useful for attackers because they provide a way to carry out common steps of an attack without having to download anything new onto the target system. For example, criminals can use them to create persistency (i.e. enable the infection to continue operating after a reboot), spread throughout networked devices, bypass user access controls, and extracting passwords or other sensitive information.

There are dozens of LoLBins for criminals to choose from that are native to the Windows OS, such as powershell.exe, certutil.exe, regsr32.exe, and many more. Additionally, there are a variety of common third party applications that are pretty easy to exploit if present, such as java.exe, winword.exe, and excel.exe.

According to Grayson, this is one of the ways malicious hackers disguise their activities, because default OS applications are unlikely to be detected or blocked by an antimalware solution. He warns, “unless you have strong visibility into the exact commands that these processes are executing, then it can be very hard to detect malicious behavior originating from LoLBins.

Script Content Obfuscation

Like LoLBins and scripting overall, hiding the true content or behavior of a script—or content “obfuscation”—has completely legitimate purposes. But, in terms of malicious hacking, it’s pretty self-explanatory why obfuscation would lend itself to criminal activities. The whole point is not to get caught, right? So it makes sense that you’d take steps to hide bad activities to avoid detection. The screenshots below show an example of obfuscated code (top), with its de-obfuscated version (bottom).

Fileless and Evasive Execution

Using scripts, it’s actually possible to execute actions on a system without needing a file. Basically, a script can be written to allocate memory on the system, then write shellcode to that memory, then pass control to that memory. That means the malicious functions are carried out in memory, without a file, which makes detecting the origin of the infection (not to mention stopping it) extremely difficult.

Grayson explains, “one of the issues with fileless execution is that, usually, the memory gets cleared when you reboot your computer. That means a fileless infection’s execution could be stopped just be restarting the system. Persistence after a reboot is pretty top-of-mind for cybercriminals, and they’re always working on new methods to do it.”

Staying Protected

The Windows® 10 operating system now includes Microsoft’s Anti-Malware Scan Interface (AMSI) to help combat the growing use of malicious and obfuscated scripts. That means one of the first things you can do to help keep yourself safe is to ensure any Windows devices you own are on the most up-to-date OS version.

Additionally, there are several other easy steps that can help ensure an effective and resilient cybersecurity strategy.

  • Keep all applications up to date
    Check all Windows and third party apps regularly for updates (and actually run them) to decrease the risk of having outdated software that contains vulnerabilities criminals could exploit.
  • Disable macros and script interpreters
    Although enabling macros has legitimate applications, the average home or business user is unlikely to need them. If a file you’ve downloaded gives you a warning that you need to enable macros, DON’T. This is another common evasive tactic that cybercriminals use to get malware onto your system. IT admins should ensure macros and script interpreters are fully disabled to help prevent script-based attacks. You can do this relatively easily through Group Policy.
  • Remove unused 3rd party apps
    Applications such as Python and Java are often unnecessary. If present and unused, simply remove them to help close a number of potential security gaps.
  • Educate end users
    End users continue to be a business’ greatest vulnerability. Cybercriminals specifically design attacks to take advantage of their trust, naiveté, fear, and general lack of technical or security expertise. By educating end users on the risks, how to avoid them, and when and how to report them to IT personnel, businesses can drastically improve their overall security posture.
  • Use endpoint security that includes evasive script protection
    In a recent update to Webroot® Business Endpoint Protection, we released a new Evasion Shield policy. This shield leverages AMSI, as well as new, proprietary, patented detection capabilities to detect, block, and quarantine evasive script attacks, including file-based, fileless, obfuscated, and encrypted threats. It also works to prevent malicious behaviors from executing in PowerShell, JavaScript, and VBScript files, which are often used to launch evasive attacks

Malicious hackers are always looking to come up with new ways to outsmart defenses. Grayson reminds us, “It’s up to all of us in cybersecurity to research these new tactics and innovate just as quickly, to help keep today’s businesses and home users safe from tomorrow’s threats. There’s always more work to be done, and that’s a big part of what drives us here at Webroot.”


To learn more about evasive scripts and what Webroot is doing to combat them, we recommend the following resources:

DoH Is Here to Stay: Why Businesses Should Embrace It

While the proliferation of encrypted DNS is being driven by consumer privacy, businesses will want to take notice. Encrypted DNS – also known as DNS over HTTPS, or DoH – obscures internet traffic from bad actors. But it also has the potential to decrease visibility for IT admins whose responsibility it is to manage DNS requests for their organizations. So, what’s the solution? Strangely, DoH.

As previously mentioned, DoH is now the default for Mozilla Firefox. It’s also available in Google Chrome and other Chromium-based browsers. This is a win for consumers, who have newfound control over who can see where they’re going on the internet.

DNS over HTTPS (DoH) offers amazing privacy benefits, but can also bring security drawbacks. Hear what businesses and MSPs need to know about DNS 2.0.

However, by surrendering control over DNS requests to the browser, IT administrators lose the ability to apply filtering to DNS requests. Encrypted DNS that skirts the operating system eliminates the visibility that IT admins need to ensure security for internet traffic on their networks. It also prevents the business from being able to run threat intelligence against DNS requests and identify dynamic malware that could circumvent consumer DoH implementations. This leads to gaps in security that businesses can’t afford.

Staying ahead of the curve

There is a way to ensure privacy over DNS requests while maintaining control and visibility into network activity. The solution is to apply DoH across the entire system, not just browser activity. By wresting control over DNS requests from the browser, the agent can instruct Firefox not to engage its DoH feature. The same holds true for Chrome users running DoH. These requests are passed back through the operating system, where the DNS solution can manage them directly. This helps support both filtering and visibility.

An advanced agent will manage DNS requests on the device securely through DoH so the requests go directly to the server with no other entity having visibility into them. At the same time, the agent can apply threat intelligence to ensure requests aren’t resolving to malicious destinations. Admins have visibility into all DNS requests, and the requests are encrypted.

When the agent detects a prohibited resource, it returns the IP address of a block page. So, if there’s a virus on the system and it’s trying to access a command and control server to deliver a malicious payload, it won’t be able to. It also prevents botnets from being able to connect since they also leverage DNS. For any process that requests something from the internet, if it doesn’t get the resource that it’s requesting, it’s not going to be able to act on it.

Privacy plus security

The novel coronavirus didn’t start the mobile workforce phenomenon, but it certainly has accelerated it. The traditional perimeter firewall with all systems and devices living behind it no longer exists. Modern networks extend to wherever users connect to the internet. This includes the router someone bought from a kid down the street, and the home network that was set up by a consulting company 10 years ago and hasn’t been patched or updated since.

When someone on their home network opens a browser and goes to their favorites, they’re not expecting to get phished. But if they’re resolving to an alternative IP address because DNS is not being managed, is broken or is being redirected, they may be exposed to phishing sites. Enter encrypted DNS as another layer of protection within your cyber resilience portfolio. It starts working against a higher percentage of threats when you stack it with other layers, reducing the likelihood of being infected. It also addresses a blind spot that allows exploits to go undetected.

Embracing DoH

Privacy is the main driver for DoH adoption by consumers, while business agendas are generally driven by security. As a business, controlling DNS requests allows you to protect both the business and the user. If you don’t have that control and visibility, the user is potentially more exposed. And, if you don’t apply threat intelligence and filtering to DNS requests, a user can more easily click on malware or land on a phishing site.

To learn more about encrypted DNS read the whitepaper or review the FAQs.