Business + Partners

Unexpected Side Effects: How COVID-19 Affected our Click Habits

Phishing has been around for ages and continues to be one of the most common threats that businesses and home users face today. But it’s not like we haven’t all been hearing about the dangers of phishing for years. So why do people still click? That’s what we wanted...

Key Considerations When Selecting a Web Classification Vendor

Since launching our web classification service in 2006, we’ve seen tremendous interest in our threat and web classification services, along with an evolution of the types and sizes of cybersecurity vendors and service providers looking to integrate this type of...

4 Ways MSPs Can Fine-Tune Their Cybersecurity Go-To-Market Strategy

Today’s work-from-home environment has created an abundance of opportunities for offering new cybersecurity services in addition to your existing business. With cyberattacks increasing in frequency and sophistication, business owners and managers need protection now...

Ransomware: The Bread and Butter of Cybercriminals

Imagine a thief walks into your home and rummages through your personal belongings. But instead of stealing them, he locks all your valuables into a safe and forces you to pay a ransom for the key to unlock the safe. What choice do you have? Substitute your digital...

5 Ways to Improve Business Cyber-Resilience

Reading Time: ~ 3 min.

A popular military maxim speaks to the need for redundancy and it goes like this: “Two is one and one is none.” Redundancy is also a key principle when it comes to cyber-resilience. A popular rule in data protection and disaster recovery is called the 3-2-1 backup rule. IT pros often borrow from military strategies when approaching cyber-resilience, including a strategy known as “defense in depth.”

Defense in depth is a useful framework for protecting IT environments. It acknowledges that hackers will often use evasive tactics or brute force to overrun the outer-most layer of defense. So, multiple layers of defense are necessary – or defense in depth – to anticipate and mitigate lost ground. Cyber-resilience is a very high priority for businesses. So, we put together these five tips for improving cyber-resilience based on a defense-in-depth approach.

Tip #1: Sharpen perimeter defenses

Cybercriminals are getting better at using evasive tactics to circumvent company firewalls and antivirus. Some of these evasive tactics include file-based, file-less, obfuscated and encrypted script attacks. To counter these tactics, we’re rolling out a new shield technology to detect, block and remediate evasive attacks much faster and more effectively than before. Webroot® Evasion Shield stops attacks that elude other endpoint protection solutions. Cloud-based threat intelligence further increases resilience at the perimeter.

Tip #2: Strengthen the first line of defense – people

The primary vector for malware distribution is phishing attacks. While cybercriminals find increasingly deceptive ways to trick employees into downloading malicious code, not enough businesses are countering by educating their workforces about identifying suspicious activity. With employees being the weakest link in the cyber-security chain, the solution is regular security awareness training, with phishing simulations and courses on best practices for identifying and reporting suspicious activity.

Tip #3: Secure your DNS connection

The domain name system (DNS) is what allows internet traffic to find your website. But DNS protocols were not designed for security. In fact, they’re highly vulnerable to cyberattacks, including cache poisoning, DDoS, DNS hijacking, botnets, Command-and-Control (C&C) and man-in-the-middle attacks. A cloud-based DNS security solution enables businesses to enforce web access policies and stop threats at the network’s edge before they ever hit the network or endpoints.

Tip #4: Create and deploy a backup strategy 

Redundancy is essential for cyber-resilience. Businesses must consider a scenario where malware circumvents outer defenses. Since detecting and remediating malware infections can be time-consuming, it’s important to have copies of files and data for business continuity. Scheduled backup with file versioning is necessary for mitigating malware infections and other forms of data loss. The scheduling feature is crucial since leaving it up to users exposes backup policy to human error.

Tip #5: Test recovery strategy regularly

Backup and recovery go hand-in-hand. And backup is only effective if it enables rapid recovery with minimal disruption. It’s important to test disaster recovery practices and procedures before you experience a live disaster scenario. Disasters come in different shapes and sizes, so it’s important to test simple file and folder recovery as well as large-scale system restore. Also, some systems are more critical than others. Tier-one systems (the most critical) need high levels of uptime, approaching 100%. This traditionally requires a secondary data center that is very costly to acquire and maintain. This is no longer the case. Disaster recovery as a service reduces the cost of standing up a secondary environment. It also allows for frequent testing of disaster recovery protocols. Businesses should test once a quarter – or at least once a year – to ensure systems are cyber-resilient when necessary.

To get started on the road to cyber resilience, take a fee trial here.

The Truth about Hackers, in Black and White (and Grey)

Reading Time: ~ 4 min.

Did you know there are three primary types of hacker—white hats, black hats, and grey hats—and that there are subcategories within each one? Despite what you may have heard, not all hackers have intrinsically evil goals in mind. In fact, there are at least 300,000 hackers throughout the world who have registered themselves as white hats.

Also known as ethical hackers, white hats are coders who test internet systems to find bugs and security loopholes in an effort to help organizations lock them down before black hat hackers, i.e. the bad guys, can exploit them. Black hats, on the other hand, are the ones we’re referring to when we use words like “cybercriminal” or “threat actor.” These are hackers who violate computer security and break into systems for personal or financial gain, destructive motives, or other malicious intent.

The last of the three overarching types, grey hat hackers, are the ones whose motives are, well, in a bit of a grey area. Similar to white hats, grey hats may break into computer systems to let administrators know their networks have exploitable vulnerabilities that need to be fixed. However, from there, there’s nothing really stopping them from using this knowledge to extort a fee from the victim in exchange for helping to patch the bug. Alternatively, they might request a kind of finder’s fee. It really depends on the hacker.

So, hackers can be “good guys”?

Yes, they absolutely can.

In fact, there’s even an argument that black hats, while their motivations may be criminal in nature, are performing a beneficial service. After all, each time a massive hack occurs, the related programs, operating systems, businesses, and government structures are essentially shown where and how to make themselves more resilient against future attacks. According to Keren Elezari, a prominent cybersecurity analyst and hacking researcher, hackers and hacktivists ultimately push the internet and technology at large to become stronger and healthier by exposing vulnerabilities to create a better world.

Why do they hack?

The shortest, simplest answer: for the money.

While white and grey hat hackers have altruistic motives in mind and, at least in the former group, are invested in ensuring security for all, the fact of the matter is that there’s a lot of money to be made in hacking. The average Certified Ethical Hacker earns around $91,000 USD per year. Additionally, to help make their products and services more secure, many technology companies offer significant bounties to coders who can expose vulnerabilities in their systems. For example, Apple offered a reward of $1.5 million USD last year to anyone who could hack an iPhone to find a serious security flaw. There are even groups, such as HackerOne, which provide bug bounty platforms that connect businesses with ethical hackers and cybersecurity researchers to perform penetration testing (i.e. finding vulnerabilities). Multiple hackers on the HackerOne bug bounty platform have earned over $1 million USD each.

And for black hats, theft, fraud, extortion, and other crimes can pay out significantly more. In fact, some black hats are sponsored by governments (see the Nation-State category below).

You mentioned subtypes. What are they?

As with many groups, there’s a wide range of hacker personas, each with different motivations. Here are a few of the basic ones you’re likely to encounter.

Script Kiddies

When you picture the stereotypical “hacker in a hoodie”, you’re thinking of a Script Kiddie. Script Kiddies are programming novices who have at least a little coding knowledge but lack expertise. Usually, they get free and open source software on the dark web and use it to infiltrate networks. Their individual motives can place them in black, white, or grey hat territory.

Hacktivists

Ever hear of a group of hackers called Anonymous? They’re a very well-known example of a hacktivist group who achieved notoriety when they took down the CIA’s website. Hacktivists are grey hat hackers with the primary goal of bringing public attention to a political or social matter through disruption. Two of the most common hacktivist strategies are stealing and exposing sensitive information or launching a denial of service (DDoS) attack.

Red Hats

Red hats are sort of like grey hats, except their goal is to block, confound, or straight-up destroy the efforts of black hat hackers. Think of them like the vigilantes of the hacker world. Rather than reporting breaches, they work to shut down malicious attacks with their own tools.

Nation-State

Remember earlier in this post when we mentioned that some black hats are sponsored by governments? That would be this group. Nation-state hackers are ones who engage in espionage, social engineering, or computer intrusion, typically with the goal of acquiring classified information or seeking large ransoms. As they are backed by government organizations, they are often extremely sophisticated and well trained.

Malicious Insiders

Perhaps one of the more overlooked threats to a business is the malicious insider. An insider might be a current or former employee who steals or destroys information, or it might be someone hired by a competitor to infiltrate an organization and pilfer trade secrets. The most valuable data for a malicious insider is usernames and passwords, which can then be sold on the dark web to turn a hefty profit.

What are your next steps?

Now that you better understand the hacker subtypes, you can use this information to help your organization identify potential threats, as well as opportunities to actually leverage hacking to protect your business. And if you haven’t already, check out our Lockdown Lessons, which include a variety of guides, podcasts, and webinars designed to help MSPs and businesses stay safe from cybercrime.

Beyond the educational steps you’re taking, you also need to ensure your security stack includes a robust endpoint protection solution that uses real-time threat intelligence and machine learning to prevent emerging attacks. Learn more about Webroot® Business Endpoint Protection or take a free trial here.

DNS is on the Verge of a Major Overhaul

Reading Time: ~ 4 min.

One of the things about working in internet technology is nothing lasts forever… [Students] come to me and they say, ‘I want to do something that has an impact 20, 50, or 100 years from now.’ I say well maybe you should compose music because none of this technology stuff is going to be around that long. It all gets replaced.” -Paul Mockapetris, co-inventor of the domain name system (DNS)

As foresighted as he may have been, the DNS inventor Paul Mockapetris got one thing wrong in a retrospective interview about his contribution to internet history. Namely, some aspects of technology do have at least 20-year staying power. In this case, his own invention: the domain name system.

But DNS, just three years shy of its fortieth birthday, is on the cusp of a major reimagining. One that could enhance the privacy of business and private users alike for some time to come. According to some experts, it may even be worthy of the title “DNS 2.0.”

The Problem with DNS Today

While DNS has evolved significantly in the more than 35 years since originally conceived, the skeletal structure remains much the same. DNS is the internet’s protocol for translating the URLs humans understand into the IP addresses machines do.

The problem is that this system never meant to consider privacy or security. With DNS today, requests are made and resolved in plain text, providing intrusive amounts of information to whomever may be resolving or inspecting them. That is most likely an internet service provider (ISP), but it may be a government entity or some other source. In authoritarian countries, governments can use this information to prosecute individuals for visiting sites with outlawed content. In the United States, it’s more likely to be monetized for its advertising value.

“The problem with DNS is it exposes what you’re doing,” says Webroot product manager and DNS expert Jonathan Barnett. “If I can log a user’s DNS requests, I can see when they work, when they don’t, how often they use Facebook, the Sonos Speakers and Google Nests on their network, all of that. From a privacy perspective, it shows what on the internet is associating with me and my network.”

This can be especially problematic in terms of home routers. Whereas business networks tend to be relatively secure—patched, up-to-date, and modern—”everyone’s home router tends to be set up by someone’s brother-in-law or an inexperienced ISP technician,” warns Barnett. In this case, malicious hackers can change DNS settings to redirect to their own resolvers.

“If you bring a device onto this network and try to navigate to one of your favorite sites, you may never wind up where you intended,” says Barnett.

In the age of COVID-19, it’s becoming an even bigger problem for employers. With a larger workforce working from home than perhaps ever before, traditional defenses at the network perimeter no longer remain.

“To maintain resilience,” says Barnett, “companies need to extend protection beyond the business network perimeter. One of the best ways to do that is through DNS protection that ensures requests are resolved through a trusted resolver and not a potentially misconfigured home network.”

DoH: The Second Coming of DNS

In response to these concerns, DNS over HTTPS (DoH) offers a method for encrypting DNS requests. Designed by the Internet Engineering Task Force, it leverages HTTPS privacy standard to mask these requests from those who may seek to use the information improperly. The same encryption standards used by banks, credit monitoring services, and other sites dealing in sensitive information display to prove their legitimacy is also used with DoH.

It does this by effectively ‘wrapping’ DNS requests with the HTTPS encryption protocols to ensure the server you connect with is the server you intended to connect with and that no one is listening in those requests, because all the traffic is encrypted.

“It makes sure no one is messing with a user by changing the results of a request before it’s returned,” says Barnett.

In addition to improving privacy around device usage—remember any internet-connected device needs to “phone home” occasionally, therefore initiating a DNS request—DoH also addresses several DNS-enabled attack methods. This includes DNS spoofing, also called DNS hijacking, whereby cybercriminals redirect a DNS request to their own servers in order to spy on or alter communications. By encrypting this traffic, it essentially becomes worthless as a target.

So, while the domain name system has served the internet and its users well for decades, the time may have come for a change.

“The creators of DNS, in their wildest dreams, imagined the system may be able to accommodate up to 50 million domains. We’re at 330 million now. It’s amazing what they achieved,” says Barnett. “But DNS needs to evolve. It’s been a great tool, but it wasn’t designed with privacy or security as a priority. DoH represents the logical evolution of DNS.”

Toward A DoH-Enabled Future

Several major tech players, like Mozilla with its Firefox browser, have already made the leap to using DoH as its preferred method of resolving requests. Many companies, however, would prefer to retain control of DNS and are concerned about applications making independent rogue DNS requests. Losing this control can compromise security as it limits the ability of a business to filter and process these requests.

As application creators strive for better privacy for their users and business always look improve security, a balance must be found. By limiting whether applications can enable DoH, Webroot® DNS Protection has designed its agent to retain control of DNS requests, and while also running each request through Webroot’s threat intelligence platform, both privacy and security is improved.

It’s next release, expected in the coming months, will be fully compatible with the new DoH protocol in service to the security and privacy of its users.

The Problem with HTTPS

Reading Time: ~ 3 min.

Despite the intent of ensuring safe transit of information to and from a trusted website, encrypted protocols (usually HTTPS) do little to validate that the content of certified websites is safe.

With the widespread usage of HTTPS protocols on major websites, network and security devices relying on interception of user traffic to apply filtering policies have lost visibility into page-level traffic. Cybercriminals can take advantage of this encryption to hide malicious content on secure connections, leaving users vulnerable to visiting malicious URLs within supposedly benign domains.

This limited visibility affects network devices that are unable to implement SSL/TLS decrypt functionality due to limited resources, cost, and capabilities. These devices are typically meant for home or small business use, but are also found in the enterprise arena, meaning the impact of this limited visibility can be widespread.

With 25% of malicious URLs identified by Webroot hosted within benign domains in 2019, a deeper view into underlying URLs is necessary to provide additional context to make better, more informed decisions when the exact URL path isn’t available.

Digging Deeper with Advanced Threat Intel

The BrightCloud® Web Classification and Web Reputation Services offers technology providers the most effective way to supplement domain-level visibility. Using cloud-based analytics and machine learning with more than 10 years of real-world refinement, BrightCloud® Threat Intelligence services have classified more than 842 million domains and 37 billion URLs to-date and can generate a predictive risk score for every domain on the internet.

The Domain Safety Score, available as a premium feature with BrightCloud® Web Classification and Reputation services, can be a valuable metric for filtering decisions when there is lack of path-level visibility on websites using HTTPs protocols. Even technology partners who do have path-level visibility can benefit from using the Domain Safety Score to avoid the complexity and compliance hurdles of deciding when to decrypt user traffic.

The Domain Safety Score is available for every domain and represents the estimated safety of the content found within that domain, ranging from 1 to 100, with 1 being the least safe. A domain with a low score has a higher predictive risk of having content within its pages that could compromise the security of users and systems, such as phishing forms or malicious downloads.

Using these services, organizations can implement and enforce effective web policies that protect users against web threats, whether encrypted through HTTPs or not.

Devising Domain Safety Scores

As mentioned, a Domain Safety Score represents the estimated safety of the content found within that domain. This enables better security filtering decisions for devices with minimal page-level visibility due to increasing adoption of HTTPS encryption.

How do we do it?

BrightCloud uses high-level input features to help determine Domain Safety Scores, including:

  • Domain attribute data, including publicly available information associated with the domain, such as registry information, certificate information, IP address information, and the domain name itself.
  • Behavioral features obtained from historical records of known communication events with the domain, gathered from real-world endpoints.
  • A novel deep-learning architecture employing multiple deep, recurrent neural networks to extract sequence information, feeding them into a classification network that is fully differentiable. This allows us to use the most cutting-edge technology to leverage as much information possible from a domain to determine a safety score.
  • Model training using a standard backpropagation through time algorithm, fully unrolling all sequences to calculate gradients. In order to train such a network on a huge dataset, we have developed a custom framework that optimizes the memory footprint to run efficiently on GPU resources in a supercomputing cluster. This approach allows us to train models faster and iterate quickly so we can remain responsive and adapt to large changes in the threat landscape over time.

A secure connection doesn’t have to compromise your privacy. That’s why Webroot’s Domain Safety Scores peek below the domain level to the places where up to a quarter of online threats lurk.

Learn more about Domain Safety Scores, here.

Hackers: Fact vs. Fiction

Reading Time: ~ 3 min.

Have you ever watched a movie and seen a character doing something you know how to do, and thought to yourself, “jeez, that’s totally wrong. Couldn’t they have done a little research?”

That’s exactly what hackers think when they watch movies, too. For most of us, the image that comes to mind when we hear the word “hacker” is pretty stereotypical: probably a young guy wearing a hoodie and headphones, in a basement, surrounded by fancy displays full of unintelligible code that looks like it’s straight out of the 1999 movie the Matrix, with only nefarious intentions at heart. We have that image for a reason; that’s how many films have portrayed such characters.

But, just like those times when you see a movie or TV character totally screwing up the thing you know how to do, this stereotype just isn’t accurate. Not all hackers have the same motives. In fact, not all of them are even “bad guys.” Misunderstanding leads to fear, and acting out of fear is never a good thing. If you want to stay safe from cyber-related risks in the modern world, it’s important to understand the myth vs. the reality.

Common Myths

  1. Every hacker is a criminal with evil intentions, who wants to break systems, steal information, steal money, cause destruction, commit cyber-espionage, or engage in other illegal activity online
  2. All hackers are male
  3. Hackers work alone, exclusively
  4. Hackers have to work really fast, or else they’ll get caught by the authorities
  5. There isn’t much money to be made, so hackers have to send lots of attacks to make their efforts worthwhile
  6. Hackers only go after large corporations and government systems.

The Truth about Hackers

  1. The word “hacker” really just refers to an individual who uses computers, networking, or other technology and related skills to accomplish a particular goal. That goal may not have anything to do with criminal activity, even if it involves gaining access to computer systems. In fact, some hackers use their skills for good, helping businesses and individuals become better able to prevent attacks by malicious hackers
  2. Just like their varied motivations, hackers come in all shapes and sizes. While the average self-proclaimed “hacker” is likely to be male and under 35, they can be of any gender, age, ethnicity, etc.
  3. As with most pursuits in life, hacking tends to be most productive when conducted by a team. It’s actually pretty common for hackers to be involved in larger groups or organizations. Some of them even have salaries and set holidays, just like the rest of us in the non-hacking working world, and may have customers and sales arrangements that include things like reseller portals and component rental
  4. A rushed job is a bad job, plain and simple. Hackers have the time to take a slow and methodical approach to accomplish their aims. They know they’re more likely to be successful if they research targets, do recon, and take the time to work out the best angles of approach. In contrast, victims of attacks typically have a very short amount time in which to react or recover, especially in the case of ransomware.
  5. There’s a lot of money to be made in hacking. As of the most recent Cost of a Data Breach Report, the average cost of a data breach is $3.92 million, and nearly 3 in 4 (71%) of breaches are financially motivated. In fact, the average hacker can earn up to 40 times the median wage of a software engineer.
  6. Although large corporations can be desirable targets, they often have larger security budgets and teams of security professionals dedicated to protecting the business. You might think hackers have bigger fish to fry, but small and medium-sized businesses (SMBs) are prime targets. More than 70% of cyberattacks target small businesses. In particular, more attacks are focusing on MSPs specifically because of their SMB clients. Breaching a single MSP could open up data access to their entire client base.

So what do you do?

You’re already on your way. By better understanding the true methods and motivations behind the myths, you can begin to lock down your business and protect your customers against today’s biggest threats. If you haven’t already, check out our Lockdown Lessons, which include a variety of guides, podcasts, and webinars designed to help MSPs and businesses stay safe from cybercrime.

The next step is to ensure your security stack includes a robust endpoint protection solution that uses real-time threat intelligence and machine learning to prevent emerging attacks. Learn more about Webroot® Business Endpoint Protection or take a free trial here.

Staying Cyber Resilient During a Pandemic

Reading Time: ~ 4 min.

We’re all thinking about it, so let’s call it out by name right away. The novel coronavirus, COVID-19, is a big deal. For many of us, the structure of our lives is changing daily; and those of us who are capable of doing our work remotely are likely doing so more than we ever have before.

Are you prepared for today’s attacks? Discover the year’s biggest cyber threats with the annual Webroot Threat Report.

It’s not likely that cybercriminals will cut us a break during this difficult time of quarantine and pandemic outbreak. If anything, we will only see an increase of attacks and ransom amounts since this is when infrastructures of modern civilization are needed most but have the least amount of time to react and debate on paying or negotiating the price. Also, many of the cybercriminals who breach and ransom as a side job are now forced to either work from home or their shifts are completely canceled, leaving them with more time and motivation to make up their income elsewhere. This is a prime circumstance for increased cyberattacks, and individuals and businesses should be hyper aware of their behavior both online and offline.

Not only are phishing and ransomware attacks, which tend to capitalize on current headlines, on the rise, but business email compromise (BEC) is also up. BEC is when a cybercriminal breaks into a legitimate corporate email account and impersonates the real owner to defraud the business or its partners, customers, or employees into sending money or sensitive data to the attacker. With so many more people working remotely and less able to verify emailed requests from coworkers as legitimate, you can imagine how this threat could run rampant.

What follows are cyber resilience tips for staying safe, both for individuals in their personal lives and for businesses with remote workers.

Cyber Resilience Tips for Individuals

What to do:

What NOT to do:

  • Do not open emails regarding COVID-19 from unknown senders. These could be phishing scams.
  • Do not click on links in emails regarding COVID-19. Email links can be used to spread computer viruses and other malware.
  • Do not download or open email attachments from unknown senders. These could contain viruses and other malware.
  • Do not click on links in social media messages, even if they are from someone you know. Your contacts’ accounts may have compromised.
  • Do not click on ads or social media posts regarding COVID-19. They may be fake and contain malicious content.
Watch out for SMS-based phishing attacks that may look like this.

Cyber Resilience Tips for Businesses

The best defense is prevention. To prevent, you have to plan ahead.

Be prepared for remote work conditions.

Life gets in the way. Between severe weather, personal emergencies, illness, and worker wellbeing, employees need to be able to work from home for a variety of reasons.

  • Enable everyone to work from off-site locations.
  • Ensure all employees feel welcome to work from home when needed.
  • Install robust endpoint security on all devices so employees and data stay safe.
  • Give all employees access to a VPN to help protect corporate data, wherever they connect.
  • Implement measures to back up data saved on local devices while workers are remote.
  • Add collaboration tools so teams can continue to work together while physically separated.
  • Warn employees about phishing and BEC. Share the Cyber Resilience Tips for Individuals we included above, and encourage employees to be extra vigilant about unexpected invoices or other financial requests. Even when we’re all remote, it only takes a quick phone call to verify the legitimacy of an unusual request.

Be prepared for threats to your data.

From modern cyberattacks to natural disasters and physical damage, there are a lot of threats to your critical business data.

  • Protect all endpoint devices, including computers and servers, with next-generation cybersecurity solutions.
  • Create a data backup process for data availability at alternate business locations when the main office is closed.
  • Implement high-availability data replication and migration safeguards ensure data is available, no matter what happens.
  • Add protection for Microsoft Office 365 and other collaboration platforms so content stored and shared in the cloud stays safe.
  • Use a solution that includes device monitoring, tracking, and remote erase functionality so lost or stolen devices can be located or wiped.
  • Empower employees to become a strong line of defense by educating them about cybersecurity and data safety risks.
  • Make sure to use RDP solutions that encrypt the data and use 2FA authentication when remoting into other machines as the presence of an open port with RDP was associated with 37% greater likelihood of a ransomware attack.

Our Commitment to Resilience

Rest assured, we’re practicing what we preach. All of our global employees are able to work from home securely. In these crazy times, it’s more important than ever to redouble our focus on helping each other. At Webroot, we feel it’s our social responsibility to do what we can to keep one another safe, both online and offline. We hope you’ll join us in our commitment to resilience. Stay safe and healthy, everyone.

World Backup Day: A Seriously Good Idea

Reading Time: ~ 3 min.

“Cold Cuts Day,” “National Anthem Day,” “What if Cats and Dogs had Opposable Thumbs Day”…

If you’ve never heard of World Backup Day, you’d be forgiven for thinking it’s another of the gimmicky “holidays” that seem to be snatching up more and more space on the calendar.

(Did you know that single quirky duo, Ruth and Tom Roy, are responsible for copyrighting more than 80 of these holidays, including Bathtub Party Day, held annually on December 5?)

Not so, though, for World Backup Day. While, according to WorldBackUpDay.com, it was founded by a few “concerned users” on the social media site reddit, the day’s dedication is a decidedly serious one.

March 31 was established as “a day for people to learn about the increasing role of data in our lives and the importance of regular backups.”

Each April Fool’s-eve, the site invites humans all over the planet to not be fools and to back up their data. In celebration of World Backup Day, we sat down with Webroot Product Marketing Director George Anderson to see how users can ensure they stay cyber resilient by adhering to good data backup practices.

For World Backup Day, what’s the one piece of advice you’d give to a small or medium-sized business? An everyday computer user, like a parent?

Losing data used to be something that happened because a hard disk failed, a device was lost or stolen, or some other unforeseen accident made a device unusable. These remain risks. But these days, it’s just as likely your data is being held for a ransom or some nasty infection has destroyed it for good.

Up-to-date backups are essential. Remember: it’s not if something will happen to your data, but when. So, prepare for the unexpected. Easily restored data backups let you be more resilient against cyber-attacks and better able to recover customer data, financial information, business-critical files, and precious memories. Anything irreplaceable should be regularly backed up without a second thought, or worse, a passive “it won’t happen to me.”

Thankfully, many of today’s backup solutions are easy-to-use and affordable. My advice is to not become the next data loss or ransomware victim. Simply invest a little into backup software and rest easy knowing you’re covered.

Why is it important that World Backup Day be celebrated year-round? How can we keep the spotlight on backup and cyber resilience?

For those with backup technology in place, World Backup Day should be a reminder of the importance digital information plays in our daily lives, and to check up on existing backups to make sure they are being properly made and that they can be easily restored.

Unfortunately, “set-and-forget” technologies like automated backup and recovery solutions are rarely revisited – until we need them to be 100 percent. So, checking regularly that they’re correctly configured and working properly is important.

For those not currently backing up their data regularly, the day should bring into focus a glaring hole in your home or business data security. Perhaps take the time to consider the impact losing your data forever would have? Then take action.

Back up is no longer a “nice-to-have” capability. In a world where our lives are increasingly digital and our data is threated at lots of different angles, backup is crucial aspect of data security.

What’s the difference between backup and cyber resilience? Should companies be putting more of an emphasis on cyber resilience?

Backup is a key component of cyber resilience, though it’s not the only one. But it does make what could be an existential event, like a total loss of business or personal data, a setback that can be recovered from.

Cyber resilience is first and foremost about detecting, protecting and preventing attacks on your data in the first place. But then, even if your attack detection, protection and prevention defenses fail, your backup and recovery solutions ensure your data isn’t lost for good.

Cyber resilience is not a choice between security and backing up your data. It’s about covering both bases, so if a serious data compromise does occur, recovery is quick and painless to the business

This World Backup Day, take the pledge:

“I solemnly swear to back up my important data and precious memories on March 31st.”

And don’t forget to make sure that both cybersecurity and backup and recovery solutions are in place for your business or home office.

Cybersecurity Predictions for 2020: What Our Experts Have to Say

Reading Time: ~ 3 min.

As the year draws to a close, the cybersecurity analysts at Webroot and Carbonite pull out their crystal balls to make their predictions for the year ahead. 

Our experts predict many of the trends they’ve been tracking throughout the year—well-researched attacks, RDP compromise, and the importance of user education—will continue into the New Year. But they’ll be affected by new industry developments such as impending privacy regulations, AI-enabled attacks, and attacks targeting developing nations. 

Highly Targeted Ransomware Will Continue to Devastate Businesses

Unsurprisingly, our experts predict the strong trend toward highly targeted ransomware will bleed into 2020.  

“Highly targeted ransomware will likely continue,” predicts Webroot Software Management Manager Eric Klonowski. “Next year, we predict ransom-motivated attackers will more pointedly observe automatic backup solutions and make attempts to remove and alter the backup data or the task itself.” Klonowski said. 

High-effort, low-volume surveillance techniques are now favored by ransomware operators like the Bitpaymer Group, which has been known to customize ransomware only hours before deploying an attack, first tailoring it to observations gathered on their targets. 

We should expect actors like these to continue to gain access to networks from where they can observe financial transactions and valuable information before determining the most profitable way to strike at their intended targets. 

Phishing will likely also become more targeted as data collected from breaches is incorporated into phishing emails. Things like passwords and recent transactions can go a long way in convincing people an email is legit.—Grayson Milbourne, Security Intelligence Director, Webroot

Long-Awaited Privacy Legislation Will Finally Arrive in the U.S. 

We expect that privacy and security will continue to jockey for primacy of concern in the minds of U.S. citizens. California, which has long led the fight for more stringent data privacy for consumers, is set to enact a law in early 2020 that has often drawn comparisons to Europe’s GDPR. 

As noted by Tech Crunch, California’s new data privacy act, like GDPR, will extend to all organizations that do business with Californians, effectively making it the law of the land nationwide. But Webroot Product Marketing Director George Anderson predicts a groundswell of support among U.S. citizens for stricter data privacy regulations. 

“U.S. citizens will step up their demands for privacy in 2020,” he says. “Privacy legislation in the U.S., which has lagged behind other nations, will be a central issue.” 

But rather than settling for a new set of standards, Anderson wouldn’t be surprised if entirely new revenue models are explored. Models that rely less on selling personal data than, say, subscription fees or some other alternative. 

“I would expect an alternative paid for services that don’t abuse data will emerge, Anderson says. “The existing, untrusted purveyors of convenience will try to pivot, but ultimately lose out heavily. Legislation and technology are starting to converge due to so many abuses of privacy.”

“Adversarial attacks against AI-based security products will likely grow in scope and complexity, which would highlight the fact that  there are fundamentally two types of AI in cybersecurity: AI which acts like a smarter conventional signature and AI which is built into every facet of an intelligent, cloud-based platform capable of cross-referencing and defending itself against adversarial attacks.” —Joe Jaroch, Senior Director of Cybersecurity Strategy, Webroot

Small and Medium-Sized Businesses will Bear the Brunt of Cyberattacks

Findings regarding cybersecurity readiness among small and medium-sized businesses (SMBs) continue to be grim. Despite commonly falling victim to data breaches and other attacks, an attitude still pervades that they are either too small to catch the eye of cybercriminals or that their data isn’t valuable enough to warrant an attack. 

In a study conducted by Webroot and 451 Research, 71 percent of SMBs admitted to experiencing a breach or attack within the previous 24 months that resulted in “operational disruption, reputational damage, significant financial losses or regulatory penalties.”

According to Webroot Security Analyst Tyler Moffitt, that trend is unlikely to abate. 

“We expect that SMBs will continue to be targets for cybercriminals because, just like the public, education, and healthcare sectors, they maintain the same vulnerable environment. They’re low budget, understaffed, and often under-educated on matters of cybersecurity.”

Findings from the 451 Research report confirm Moffitt’s suspicions. A full 36 percent of SMBs surveyed in that study reported that they had no full-time staff on hand dedicated to cybersecurity. 

“The SMBs typically targeted have under 50 employees, and it often falls to a lone IT admin or someone in finance or sales to shore up cybersecurity at the company,” Moffitt says. “Almost always it’s a person who wears many hats and doesn’t have much of a budget or expertise.”

It’s the easily overlooked yet easily exploited security gaps like an unsecured RDP that most worry Moffitt. Without dedicated cybersecurity consulting, these can easily be exploited, yet they are easy to fix.

 “Expect to see more attacks against less developed nations. Attacks like this don’t generate revenue, rather they are meant to disrupt and destroy” —Grayson Milbourne, Security Intelligence Director, Webroot

We Want to Hear Your 2020 Predictions

Are these the developments you expect to see to kick off the new decade? Have some other ideas? We want to hear what hacks, news stories, or trends in cybersecurity you anticipate in the New Year. You can read additional predictions from our staff for the year ahead, plus submit your own, on the Webroot Community. Click here to visit the Community and share your 2020 predictions.

Shoring Up Your Network and Security Policies: Least Privilege Models

Reading Time: ~ 3 min.

Why do so many businesses allow unfettered access to their networks? You’d be shocked by how often it happens. The truth is: your employees don’t need unrestricted access to all parts of our business. This is why the Principle of Least Privilege (POLP) is one of the most important, if overlooked, aspects of a data security plan. 

Appropriate privilege

When we say “least privilege”, what we actually mean is “appropriate privilege”, or need-to-know. Basically, this kind of approach assigns zero access by default, and then allows entry as needed. (This is pretty much the opposite of what many of us are taught about network access.) But by embracing this principle, you ensure that network access remains strictly controlled, even as people join the company, move into new roles, leave, etc. Obviously, you want employees to be able to do their jobs; but, by limiting initial access, you can minimize the risk of an internal breach.

If you haven’t already, now is the perfect time to take a look at your network access policies. After all, it’s about protecting your business and customers—not to mention your reputation.

Listen to the podcast: Episode 6 | Shoring Up Your Network Security with Strong Policies to learn more about implementing the Principle of Least Privilege and other network security best practices.

Navigating the difficult conversations around access control

It’s no surprise that employees enjoy taking liberties at the workplace. In fact, Microsoft reports that 67% of users utilize their own devices at work. Consequently, they may push back on POLP policies because it means giving up some freedom, like installing personal software on work computers, using their BYOD in an unauthorized fashion, or having unlimited usage of non-essential applications.

Ultimately, you need to prepare for hard conversations. For example, you’ll have to explain that the goal of Principle of Least Privilege is to provide a more secure workplace for everyone. It’s not a reflection on who your employees are or even their seniority; it’s about security. So, it’s essential for you, the MSP or IT leader, to initiate the dialogue around access control––often and early. And, at the end of the day, it’s your responsibility to implement POLP policies that protect your network.

Firewalls and antivirus aren’t enough 

There’s a common misconception in cybersecurity that the firewall and/or antivirus is all you need to stop all network threats. But they don’t protect against internal threats, such as phishing or data theft. This is where access policies are necessary to fill in the gaps.

Here’s a prime example: let’s say you have an employee whose job is data entry and they only need access to a few specific databases. If malware infects that employee’s computer or they click a phishing link, the attack is limited to those database entries. However, if that employee has root access privileges, the infection can quickly spread across all your systems.

Cyberattacks like phishingransomware, and botnets are all designed to circumvent firewalls. By following an appropriate privilege model, you can limit the number of people who can bypass your firewall and exploit security gaps in your network.

Tips to achieve least privilege

When it comes to implementing POLP in your business, here are some tips for getting started:

  • Conduct a privilege audit. Check all existing accounts, processes, and programs to ensure that they have only enough permissions to do the job.
  • Remove open access and start all accounts with low access. Only add specific higher-level access as needed.
  • Create separate admin accounts that limit access. 
    • Superuser accounts should be used for administration or specialized IT employees who need unlimited system access. 
    • Standard user accounts, sometimes called least privilege user accounts (LUA) or non-privileged accounts, should have a limited set of privileges and should be assigned to everyone else.
  • Implement expiring privileges and one-time-use credentials.
  • Create a guest network leveraging a VPN for employees and guests.
  • Develop and enforce access policies for BYOD or provide your own network-protected devices whenever possible.
  • Regularly review updated employee access controls, permissions, and privileges.
  • Upgrade your firewalls and ensure they are configured correctly.
  • Add other forms of network monitoring, like automated detection and response.

Securing Your Business First: Learn How ADR Can Help

Reading Time: ~ 3 min.

Entrepreneur Jim Rohn once said, “Time is more valuable than money. You can get more money, but you cannot get more time.” I think anyone involved in running a business can relate to this statement, but it carries a particularly deep meaning to those of us who deal with cybersecurity.

When it comes to cyberattacks, even the most minor malware infection can create costly delays and downtime, and the damages from data loss or business disruption can be financially devastating. Dealing with the consequences of denial-of-service attacks, ransomware, and data breaches shouldn’t be an accepted part of your agenda. 

You need to protect your business first. That means having a strong lineup of cyber-defense tools that don’t just mitigate threats, but actually put time back in your day. The key to success is to stop threats before they stop you. One of the most important pieces of that puzzle is the tools you use, particularly to achieve automation.

Learn more about protecting your business first with ADR and other cyber-defense best practices by checking out our Lockdown Lessons podcast series.

What are EDR, MDR, and ADR, and what’s the difference?

I am the first to admit that the cybersecurity world throws around far too many acronyms, and the definitions are not abundantly clear. (I’m definitely guilty of this, myself.) So let’s break down some of the endpoint-related jargon you may have heard lately.

Endpoint Detection and Response (EDR)

Endpoint detection and response (EDR) technology gathers large volumes of data from endpoints and provides security analysts with large amounts of information to help detect and mitigate cyber threats. These solutions significantly improve endpoint visibility, threat remediation, and can even assist with threat hunting. But to take full advantage, a staff of trained security analysts are necessary––and with today’s skills gap, this model does not make sense for the majority of SMBs and MSPs.

Today, EDR is beginning to morph into “enterprise detection and response.” The endpoint telemetry data it produces forms part of a more holistic approach to network security. 

Managed Detection and Response (MDR)

In recent months, cloud-based security service providers have been leveraging EDR data and compensating for the cybersecurity skills gap through managed detection and response (MDR). 

Working around the clock, MDR acts as a security analyst by providing automated threat detection, response, and remediation. It protects the entire network––not just endpoints––and provides the time, commitment, and cybersecurity skills necessary to fully detect, mitigate and resolve issues. The unfortunate truth here is that, for many smaller businesses, MDR is just too expensive. They may need to explore different partnership models or leverage managed services from their vendors.

Automated Detection and Response (ADR)

For businesses and managed service providers without dedicated cybersecurity resources and an ample budget, automated detection and response (ADR) may be the perfect answer. When other solutions become overwhelmed by the vast quantity of incoming malware, ADR leverages AI and machine learning to not only stop threats, but also to proactively predict and prevent them. As a result, this type of solution can actually put time back in your day.

As the cybersecurity landscape evolves and the skills gap continues to grow, MSPs and SMBs must onboard solutions that automate their defenses and offer the missing cybersecurity intelligence that only ADR provides.

ADR: the Next-Gen Evolution of Cybersecurity

As you are probably aware, modern attacks continue to increase in complexity, become more targeted, and are often automated at scale. They can also move unpredictably and laterally, as we have seen with Island Hopping (i.e. the act of compromising one company by infiltrating its affiliates, partner network, and/or supply chain.)

I know that many of you experience challenges that can make your business or clients vulnerable to attack, including:

  • Broad attack surfaces
  • Limited security expertise
  • Lax or inadequate access controls
  • Data loss, email spam, and phishing vulnerabilities
  • Insufficient understanding of compliance

The best way to combat these types of vulnerabilities is to leverage the power in prediction to stop attacks before they happen, and to quickly and automatically remediate threats that do get through. This is where ADR provides a new way to think about cybersecurity.

Currently, your cybersecurity or IT team needs to manage multiple tasks across multiple systems, which requires in-depth knowledge of computer systems and cybersecurity threats. Consequently, response time is often slow. With ADR, tasks are automated, and threats are investigated, validated, and remediated in the background––greatly boosting your operational efficiency and effectiveness.

As the threat environment continues to evolve, you will need to keep pace and ADR changes the security equation by improving the accuracy of detection and speed of response, saving you a lot of time and hassle—not to mention money.

Why MSPs Should Expect No-Conflict Endpoint Security

Reading Time: ~ 3 min.

“Antivirus programs use techniques to stop viruses that are very “virus-like” in and of themselves, and in most cases if you try to run two antivirus programs, or full security suites, each believes the other is malicious and they then engage in a battle to the death (of system usability, anyway).”

“…running 2 AV’s will most likely cause conflicts and slowness as they will scan each other’s malware signature database. So it’s not recommended.”

The above quotes come from top answers on a popular computer help site and community forum in response to a question about “Running Two AVs” simultaneously.

Seattle Times tech columnist Patrick Marshall has similarly warned his readers about the dangers of antivirus products conflicting on his own computers.

Click here to see 9 top endpoint protection competitors go head to head to see who’s most efficient.

Historically, these comments were spot-on, 100% correct in describing how competing AV solutions interacted on endpoints. Here’s why.

The (Traditional) Issues with Running Side-by-Side AV Programs

In pursuit of battling it out on your machine for security supremacy, AV solutions have traditionally had a tendency to cause serious performance issues.

This is because:

  • Each is convinced the other is an imposter. Antivirus programs tend to look a lot like viruses to other antivirus programs. The behaviors they engage in, like scanning files or scripts and exporting information about those data objects, can look a little shady to a program that’s sole purpose is to be on the lookout for suspicious activity.
  • Each wants to be the anti-malware star. Ideally both AV programs installed on a machine would be up to the task of spotting a virus on a computer. And both would want to let the user know when they’d found something. So while one AV number one may isolate a threat, you can bet AV number two will still want to alert the user to its presence. This can lead to an endlessly annoying cycle of warnings, all-clears, and further warnings.
  • Both are hungry for your computer’s limited resources. Traditional antivirus products store static lists of known threats on each user’s machine so they can be checked against new data. This, plus the memory used for storing the endpoint agent, CPU for scheduled scans, on-demand scans, and even resource use during idling can add up to big demand. Multiply it by two and devices quickly become sluggish.

Putting the Problem Into Context

Those of you reading this may be thinking, But is all of this really a problem? Who wants to run duplicate endpoint security products anyway?

Consider a scenario, one in which you’re unhappy with your current AV solution. Maybe the management overhead is unreasonable and it’s keeping you from core business responsibilities. Then what?

“Rip and replace”—a phrase guaranteed to make many an MSP shudder—comes to mind. It suggests long evenings of after-hours work removing endpoint protection from device after device, exposing each of the machines under your care to a precarious period of no protection. For MSPs managing hundreds or thousands of endpoints, even significant performance issues can seem not worth the trouble.

Hence we’ve arrived at the problem with conflicting AV software. They lock MSPs into a no-win quagmire of poor performance on the one hand, and a potentially dangerous rip-and-replace operation on the other.

But by designing a no-conflict agent, these growing pains can be eased almost completely. MSPs unhappy with the performance of their current AV can install its replacement during working hours without breaking a sweat. A cloud-based malware prevention architecture and “next-gen” approach to mitigating attacks allows everyone to benefit from the ability to change and upgrade their endpoint security with minimal effort.

Simply wait for your new endpoint agent to be installed, uninstall its predecessor, and still be home in time for dinner.

Stop Wishing and Expect No-Conflict Endpoint Protection

Any modern endpoint protection worth its salt or designed with the user in mind has two key qualities that address this problem:

  1. It won’t conflict with other AV programs and
  2. It installs fast and painlessly.

After all, this is 2019 (and over 30 years since antivirus was invented) so you should expect as much. Considering the plethora of (often so-called) next-gen endpoint solutions out there, there’s just no reason to get locked into a bad relationship you can’t easily replace if something better comes along.

So when evaluating a new cybersecurity tool, ask whether it’s no conflict and how quickly it installs. You’ll be glad you did.

5 Must-Haves When Working Outside the Office

Reading Time: ~ 3 min.

When you’re running a business, it’s important to stay connected, whether you’re in the office or not. Modern technology has made this easier than ever, ensuring you can answer emails and stay on top of tasks in hotels, coffee shops, wherever. Social media influencer and serial entrepreneur Gary Vaynerchuk has even said, “The airplane is disproportionately the place where I get the most tangible amount of work done.” 

But if you’re going to get anything done outside the office or on the road, there are a few essentials to have on hand. Here are five must-haves to make sure you are prepared and productive.

#1 Protect Your Devices and Your Data

No, this is not at the top just because you’re reading this on a security blog. Anytime you’re accessing the internet in a hotel, coffee shop, or other public space, your data and devices are at risk. While security may not be at the top of your list of concerns, a whopping 58% of data breaches happen to SMBs, and 60% of those who are attacked fold within 6 months.

This is why security, at the very least endpoint security, should be your number one consideration when working on the go. But not all endpoint security solutions are created equal.

Explore fast and effective endpoint security designed for business.

Modern endpoint security is cloud-based, lightweight (won’t slow your device down), and is powered by 24/7 threat intelligence to make sure you are protected against all known threats. In fact, some do what is known as “journaling” when they encounter an unknown threat so if it is deemed malicious, every action the malware took can be rolled back, step by step.

It’s also worth considering implementing a VPN to secure your connection to your office software and data as well as secure your communications with colleagues. Public WiFi is a favorite target of malicious attacks, including man-in-the-middle attacks, so the more you can anonymize your activity, the better.

#2 Stay Connected

When you’re on the road, there’s no guarantee that you’ll have reliable WiFi. Coffee shop WiFi can vary depending on how many people are using it, and hotel WiFi often costs money. To make sure you can always stay connected to high-quality WiFi, you’ll want to invest in a mobile WiFi device, which will work much better than using your smartphone as a hotspot. Plus, using a mobile WiFi device will help save your phone battery and will free it up for any phone calls you need to make. 

In addition, by using your own WiFi hotspot, you will avoid some of the security risks that come from using public WiFi

#3 Stay Charged

The last thing you want when working on the go is for your devices to run out of battery. Of course, you must remember to bring your basic laptop and smartphone chargers. However, you might not always have convenient access to an outlet. In which case, you’re going to want to bring a portable charger. Smartphones and laptops have different battery needs so you might want to get a portable charger for each.

Here is a list of the top portable chargers for smartphones and another for the top power banks for your laptop.

#4 Stay in the Zone

If you’re out of the office, chances are it might be more difficult to find some peace and quiet. Because of this, you’ll want to make sure you have a good set of headphones to help you get in the zone. 

If you’re choosing headphones, you’ll need to consider whether you want to go with over-the-ear or in-ear models. Over-the-ear models tend to have higher sound quality and better noise canceling features, but there are a variety of high-quality earbuds these days that may be easier to travel with. Whichever you go with, they’ll be useless without productivity-enhancing music to go along with them.

study published on the psychology of music found that those who listened to music completed their tasks more quickly and experienced better creativity. If you want to make your own playlist, it’s largely accepted that classical and other instrumental types of music work best for productivity. However, there are a variety of curated work playlists already in existence that you could use.

#5 Travel with the Right Bag

Now that you have your laptop, smartphone, chargers, portable batteries, headphones, and WiFi hotspot, you’ll need a way to carry it all around. But not just any bag will do. Since you’re traveling, you’ll want something that is compact, organized, and comfortable to carry, even if it’s heavy.

While the briefcase is a classic, it is not very efficient and can be cumbersome when also trying to carry coffee or talk on the phone. Backpacks are definitely the way to go if you want to carry everything comfortably while keeping your hands free. Just make sure to choose a bag made of durable materials with adequately wide and cushioned straps. The last thing you want in a bag is one you wince at the thought of carrying again after a long day.