SMBs

Girl Scouts and OpenText empower future leaders of tomorrow with cyber resilience

The transition to a digital-first world enables us to connect, work and live in a realm where information is available at our fingertips. The children of today will be working in an environment of tomorrow that is shaped by hyperconnectivity. Operating in this...

World Backup Day reminds us all just how precious our data is

Think of all the important files sitting on your computer right now. If your computer crashed tomorrow, would you be able to retrieve your important files? Would your business suffer as a result? As more and more of our daily activities incorporate digital and online...

3 Reasons We Forget Small & Midsized Businesses are Major Targets for Ransomware

The ransomware attacks that make headlines and steer conversations among cybersecurity professionals usually involve major ransoms, huge corporations and notorious hacking groups. Kia Motors, Accenture, Acer, JBS…these companies were some of the largest to be...

How Ransomware Sneaks In

Ransomware has officially made the mainstream. Dramatic headlines announce the latest attacks and news outlets highlight the staggeringly high ransoms businesses pay to retrieve their stolen data. And it’s no wonder why – ransomware attacks are on the rise and the...

An MSP and SMB guide to disaster preparation, recovery and remediation

Introduction: It’s important for a business to be prepared with an exercised business continuity and disaster recovery (BC/DR) plan before it’s hit with ransomware so that it can resume operations as quickly as possible. Key steps and solutions should be followed...

Podcast: Cyber resilience in a remote work world

The global pandemic that began to send us packing from our offices in March of last year upended our established way of working overnight. We’re still feeling the effects. Many office workers have yet to return to the office in the volumes they worked in pre-pandemic....

5 Tips to get Better Efficacy out of Your IT Security Stack

If you’re an admin, service provider, security executive, or are otherwise affiliated with the world of IT solutions, then you know that one of the biggest challenges to overcome is efficacy. Especially in terms of cybersecurity, efficacy is something of an amorphous...

How Cryptocurrency and Cybercrime Trends Influence One Another

Typically, when cryptocurrency values change, one would expect to see changes in crypto-related cybercrime. In particular, trends in Bitcoin values tend to be the bellwether you can use to predict how other currencies’ values will shift, and there are usually...

Improved functionality and new features to help enhance the user experience

Webroot Console 6.5 is here

To help get us closer to retiring the Endpoint Protection Console, we’ve introduced three new functionality features with Webroot Console 6.5.

Friendly name support

To improve overall user functionality within the existing Endpoint Console, we have introduced a naming convention feature that allows users to assign a device a ‘Friendly Name’ that will replace the original Hostname associated with a device. All devices renamed within the Endpoint Console will see this naming convention reflected in the Management Console, allowing users to manage devices without having to navigate down to the Endpoint Console.

Persistent states

To further improve the user experience, the sites and entities pages have been improved with the introduction of persistent states. This allows filters and searches to persist across a user’s session. Admins can seamlessly navigate away from a page and return to the view they were previously working with. This type of functionality will be introduced across other areas of the console in future releases.

Site only Admin view

This release brings forth a new look and feel for Site Only Admins to help align with the rest of the Webroot Management Console. This view represents the beginning for Site Only Admins. Admins will still have access to the Endpoint Protection Console during the uplift process in upcoming releases.

The release of Webroot’s latest console provides users with a simplified and centralized management system, intuitive user experience and enhanced visibility.

Visit our portal to get the latest Webroot updates in real-time.

Browse the status of product updates and enable delivery notifications.

Soaring ransomware payments, consistent infections, deceptive URLs and more in this year’s 2022 BrightCloud® Threat Report

Cyber threats are becoming increasingly difficult to detect. Cybercriminals are also becoming experts in deception. What does this mean for your business? How can you keep your family members safe online and reassure your customers you are protecting their data?

Our threat research analysts have compiled the latest threat intelligence data to bring you the most cutting-edge and insightful information about the most recent cyber threats and what they mean for you.

Below is a summary and sneak peek from the full report.

Malware

Whether you operate a business or spend time online surfing the web, malware remains a concern. In the last year, 86% of malware remained unique to a PC, which has been consistent for the past few years. This implies attackers are obtaining a level of consistency in what they do to avoid being caught.

While the goal of spreading infection is top of mind for a bad actor, infection rates are not equal. When we examined the trends between businesses and consumers, there are some marked differences:

  • 53% of consumer PCs were infected more than once, but businesses lag behind migrating from Windows 7, leaving them more susceptible to infection.
  • For medium-sized organizations (21 to 100 licensed PCs) infection rates are just over one-third (34%), infecting nine PCs on average.
  • The manufacturing, public administration and information sectors experienced higher-than-average infection rates.

If your business falls within these industries or if you’re concerned your personal PC could be prone to infection, read the complete section on malware in the 2022 BrightCloud® Threat Report. It’s chock full of insights into the differences in infection rates by type of PC, region and industry.

Skyrocketing ransomware payments will cost more than just your revenue

If you’re a small business owner, you don’t need to be told that you’ve suffered immensely throughout the pandemic. Exposure to ransomware is just another element you’ve had to consider. Ransomware continues to plague small to medium-sized businesses (SMBs). While this is not a new revelation, the smallest organizations, those with 100 employees or less, accounted for 44% of ransomware victims last year.

That’s nearly half.

Why do cybercriminals focus on SMBs? Attacks on larger enterprises and state-owned entities bring a level of publicity and attention that makes it harder for bad actors to achieve their goal of a financial payout. SMBs, given the lack of resources to respond, are more likely to pay and pay a lot. The year-end average for 2021 more than doubled the 2020 average, reaching $322,168. With limited resources at their disposal, the smallest of organizations are faced with tough decisions ahead when it comes to making ransomware payments and disclosing their decision to do so.

Law enforcement agencies are starting to gain headway on ransomware gangs. To learn how countries are banding together to shut down notorious groups like REvil and DarkSide, check out the ransomware section of the full report.

High-risk URLs are phishing for your data in the most benign of locations

We discovered four million new high-risk URLs were in existence in 2021. To make matters worse, almost 66% of them involved phishing. Cybercriminals look to certain times of the year to execute their attacks. They are also keen to impersonate well-known brands to lure you into clicking on malicious links. Our complete list of top brands that are most impersonated is available in the phishing section of our full report.

Thwarting cyber threats through cyber resilience

“Businesses’ ability to prepare for and recover from threats will increase as they integrate cyber resilience into their technologies, processes, and people,” said Mark J. Barrenechea, OpenText CEO & CTO. “With security risks escalating worldwide and a persistent state of ‘unprecedented’ threats, compromises are inevitable. This year’s findings reiterate the need for organizations to deploy strong multi-layered security defenses to help them remain at the heart of cyber resilience and circumvent even the most creative cybercriminals.”

Our full report helps you uncover the latest cyber trends powered by our BrightCloud® Threat Intelligence platform.

To learn more and empower your cyber know-how, download the 2022 BrightCloud® Threat Report.

World Backup Day reminds us all just how precious our data is

Think of all the important files sitting on your computer right now. If your computer crashed tomorrow, would you be able to retrieve your important files? Would your business suffer as a result? As more and more of our daily activities incorporate digital and online files, it’s important for businesses and consumers to back up their data.

What is backup?

Simply put, backup is a copy of your files. Think of your family photos, home videos, tax information and other important documents. Typically we compile these files on our computer. Without backing these files up, they can get lost or stolen.  

Why backup?

Backup enables you to keep your data accessible and secure. There are so many ways your personal files or business documents could experience data loss. It could simply be a result of human error. Data loss can also occur as a result of falling victim to ransomware, malware or phishing. According to the 2022 BrightCloud® Threat Report, medium-sized organizations (21 to 100 licensed PCs) experienced malware infection rates that affected nine PCs on average last year. To make matters worse, BrightCloud® Threat Intelligence also revealed four million new high-risk URLs were in existence in 2021 and almost 66% of them involved phishing. Whether you have important files stored on your personal or business computers, your data remains at risk.

“The possibility of data loss and theft should be top of mind for individuals and businesses. Our increased reliance on digital files, the rise in cyber attacks, human error and natural disasters are just a few examples of how your data remains highly vulnerable,” says Tyler Moffitt, senior security analyst at Carbonite + Webroot, OpenText Security Solutions.

Take control of your data through backup

Beginning the backup process can be daunting. Whether you’re looking to back up your family’s documents or your mission-critical business files, it’s important to consider:

  • Where will you back up your data? There are a number of backup options. From external hard drive to the cloud, there are many ways to prevent loss. It’s important to find a solution that fits your needs.
  • What is your retention policy? A retention policy allows you to keep certain backups for a longer period of time. For instance, a business may decide it’s necessary to keep daily backups for a total of 30 days, but a family may choose to hold onto all their family photos for months before archiving.

Say goodbye to data loss with Carbonite

Even though there are many ways to back up your data, not all options are created equal. For instance, storing your personal files on an external drive can backfire if the drive becomes corrupt or lost. As more of our data exists online, it’s important to consider cloud-based options.

Many vendors in the market offer cloud backup solutions for your home or business. But it’s important to find a reliable and trusted provider. Carbonite is an award-winning industry leader with reliable backup solutions. Over one million people trust Carbonite to protect their digital lives. Carbonite offers automatic, dependable and convenient backup for all of your devices and hard drive files.

Make data backup a priority

World Backup Day is an important reminder to preserve our data. As the threat landscape continues to evolve, backing up your files becomes part of a larger cyber resilience strategy. Cyber resilience is a defense-in-depth strategy that helps ensure continuous access to your personal and business data no matter what happens.

Carbonite offers solutions for consumers and businesses. Discover which of our plans is right for you.

Own a small business and need data backup? Discover Carbonite Safe® for professionals.

Kick start your backup journey today. To understand your backup needs, begin with our quick assessment. We’ll help you pinpoint the level of backup you need. We’ll also give you an opportunity to experience it without commitment.

Start a free trial today and discover for yourself how simple it is to back up your data with Carbonite.

Protect From Cyberattacks With These 6 Steps For Cyber Resilience

Making the case

The pros behind Carbonite + Webroot joined forces with industry leading researchers at IDC to develop an easy-to-understand framework for fighting back against cybercrime. The results? A 6-step plan for adopting a cyber resilience strategy meant to keep businesses safe.

IDC looked into the data and past the alarming headlines with million-dollar ransom payments and crippling supply chain attacks.

The facts they found are eye-opening and underline why cyber resilience is the best strategy:

  • less than 2% of full-time staff at SMBs are dedicated to tech
  • 30% of companies that paid a ransom forked over between $100,000 and $1 million
  • 56% of ransomware victims suffered at least a few days or a week of downtime

Of course, the best strategies can’t help anyone who doesn’t adopt them. So IDC also compiled tips for communicating with businesses. Whether you’re an MSP, an IT pro or just a friend, you can use these tips to help convince the underprepared that they need a cyber resilience strategy.

The 4 reasons why cyber resilience makes sense

IDC researchers make an iron-clad case for cyber resilience by looking at the current state of cybercrime. They found 4 main reasons why businesses need a cyber resilience framework:

  1. Crippling cyberattacks are on the rise. Evolving methods and sophisticated tactics make cybercrime a booming business for criminals.
  2. A distributed IT footprint brings greater risk. The onset of hybrid work opens new pathways ready to be exploited. And let’s face it, the average home WiFi doesn’t have the right kind of security.
  3. IT departments are stretched thin. Less than 2% of SMBs’ total employee base is dedicated to full-time IT staff.*
  4. Consequences of an attack remain dire. Attacks continue to reverberate past the day of a breach, with 55% of ransomware victims suffering a few days to a week of costly downtime.**

The right tools can fight back

But it’s not all bad news. Adopting the right strategy and the right tools sets you on the road to protecting your business. The headlines are scary and the stats are alarming, but they’re not prophecy. Businesses don’t have to live in fear of falling victim to cyberattacks.

From framework to action

IDC goes in depth for the steps businesses can take to adopt cyber resilience. Here’s a quick preview of the framework:

  1. Identify. You can’t protect what you haven’t first identified.
  2. Protect. Employees and their devices are cybercriminals’ first targets. Protect them and start a systematic file and backup system.
  3. Detect. Threat intelligence and experience-based detection can thwart even the most sophisticated attackers.
  4. Respond. It’s imperative to stop attackers’ advances before real harm occurs.
  5. Recover. Clean up infected devices, close backdoors and have a plan to recover damaged or out-of-commission assets.
  6. Educate. Empower your employees to form a citizen army of cybersecurity checkpoints.

Combining powers to form the best defense

IDC also suggests the best ways that businesses can take action to protect themselves. By combining the powers of outside help with in-house know-how, businesses benefit from the best of two worlds.

Ready to start protecting yourself and your business? Explore how Carbonite + Webroot provide a full range of cyber resilience solutions.

Download the IDC report.

* IDC’s Worldwide Small and Medium Business Survey, 2020

** IDC, Future Enterprise Resiliency & Spending Survey Wave 6, July 2021, IDC’s 2021 Ransomware Study: Where You Are Matters!

Pro tips for backing up large datasets

Successfully recovering from disruption or disaster is one of an IT administrator’s most critical duties. Whether it’s restoring servers or rescuing lost data, failure to complete a successful recovery can spell doom for a company.

But mastering the recovery process happens before disaster strikes. This is especially true for large datasets. Our breakdown is here to help you along the way. We also have an even more detailed walkthrough for how to back up large datasets.

Large datasets have lots of variables to consider when figuring out the ‘how’ of recovery. After all, recovery doesn’t happen with the flip of a switch. Success is measured by retrieving mission critical files in the right order so your business can get back to business.

5 essential questions to ask before backing up large datasets

IT pros know that a successful recovery takes trial and error, and even a bit of finesse. And as with many things in life, a bit of preparation can save a lot of downtime. So before you start, ask yourself these questions:

  1. What’s my company’s document retention policy? (And don’t forget regulatory requirements like GDPR)

First, you need to ensure you satisfy your company’s retention policy and that you’re in compliance with any regulatory requirements when choosing what to back up. Before sifting through your data and making hard decisions about what to protect, you need to take this important step to make sure you don’t run afoul of legislation or regulations.

Once in full compliance with company policies and regulations, it’s time to highlight any data that affects the operations or the financial health of the business. Identifying mission critical data allows you to prioritize backup tasks based on desired recovery options.

You can also exclude data that isn’t mission critical and isn’t covered by regulations from regular backup scheduling. Any bandwidth you save now will give you added flexibility when you make it to the last step.

  2. What types of data do I have (and can I compress it)?

Data is more than 1s and 0s. Some datasets have more redundancy than others, making them easier to compress while images, audio and video tend to have less redundancy. Your company might have a lot of incompressible images leading you to utilize snapshot or image backup. This allows you to move large datasets over a network more efficiently without interrupting critical workflows.

  3. How frequently do my data change?

The rate of change for your data will determine the size of your backups and help you figure out how long it will take to recover. That’s because once you have an initial backup and complete the dedupe process, backups only need to record the changes to your data.

Anything that doesn’t change will be recoverable from the initial backup. Even with a very large dataset, if most of your data stays static then you can recover from a small disruption very quickly. But no matter the rate of change, anticipating how long it will take to recover critical data informs your business continuity plans.

  4. What size backup will my network support?

Bandwidth capacity is a common denominator for successful recoveries. It’s important to remember that you can only protect as much data as your network will allow. Using all your bandwidth to make daily backups can grind business to a halt. This is where your preparation can help the most.

Once you’ve answered the first four questions, you should know which data need to be accessible at any hour of the day. You can protect this data onsite with a dedicated backup appliance to give you the fastest recovery times. Of course, you’ll still have this data backed up offsite in case a localized disaster strikes.

Money matters

IT assets cost money and often represent large investments for businesses. New technologies bring advancements in business continuity but can also add complications. And to top it all off, IT ecosystems increasingly must support both legacy technology and new systems.

Some vendors are slow to adopt new pricing models that fit with emerging technologies. They add on excessive overage charges and ‘per instance’ fees. This adds costs as businesses scale up their environments – more servers, databases and applications increasingly escalate prices.

Finding the right partner

That’s why it’s so important to work with a vendor that offers unlimited licensing. You’re empowered to protect what you need and grow your business without worrying about an extra cost. Most importantly, businesses shouldn’t have to skimp on protection because of an increase in price.

Time to get started

Protecting large datasets goes beyond just flipping a switch. Preparation and careful consideration of your data will help you land on a strategy that works for your business.

Interested in learning more about Carbonite backup plans?

Explore our industry leading solutions and start a free trial to see them in action.

Ransom hits main street

Cybercriminals have made headlines by forcing Fortune 500 companies to pay million-dollar ransom payments to retrieve their data and unlock their systems. But despite the headlines, most ransomware targets families as well as small and medium sized businesses.

In fact, the average ransom payment is closer to $50,000. And it makes sense – just like it is for common criminals, it’s easier to steal a purse than it is to rob millions from a bank.

Targeted by ransomware

Ransomware uses modern technology and cutting-edge tools to do something that feels decidedly old fashioned – steal from you. It’s a modern day grift, where criminals take something that you value and will only give it back in exchange for money.

In the modern age, it looks like this: cybercriminals break into your device and lock away your most valuable files. They want to disrupt your life and your business so much that you’re willing to pay the cybercriminals to give back your most important files.

Ransomware tactics

“Their goal is disruption. How can your business operate if all the computers are locked up?” explains Grayson Milbourne, security intelligence director for Carbonite + Webroot. And businesses aren’t the only target.

Families might lose access to years of photos and videos because of a ransomware attack. That’s because criminals know that families are willing to pay to keep years’ worth of precious memories.

Of course, cybercriminals have added a new layer to their crimes. Now, instead of destroying your files if you don’t pay them, they’ll sell your files on the dark web. This way victims are even more likely to pay because they could lose passwords, business data and personal information.

How to fight back

Cybercriminals aren’t the only ones using new technology, though. Cybersecurity experts are developing new tools for keeping cybercriminals out of your business and personal life. Of course, the first step to protecting you or your business is adopting a cybersecurity tool that protects your files and makes backups in case of emergency.

With safeguards in place, you won’t have to pick between losing your files and your privacy or paying cybercriminals.

Ready to take the first step in protecting your most precious memories and most important documents?

Explore Webroot plans.

The Rise of Ransomware

Ransomware attacks dominate news coverage of the cybersecurity industry. And it’s no wonder – with million-dollar payouts, infrastructure attacks and international manhunts, ransomware makes for exciting headlines. But its recent domination of the airwaves has been a long time coming.  

“The first types of ransomware have existed for quite some time, going all the way back to the early 2000’s,” says Grayson Milbourne, security intelligence director at Carbonite + Webroot. Going through the history of ransomware, Grayson notes that it started as small time swindles “with the goal of getting you to pay 50 bucks.”

Evolving Threats

The ransomware we see today has evolved over the last 20 years to become the monster seen in news headlines. Instead of petty crooks, we now see criminal gangs that combine ransomware with worm-like capabilities that utilize a double extortion method.

In other words, “ransomware isn’t just a targeted model that you have to click on to fall for. Anybody can be attacked and breached,” explains Tyler Moffitt, senior threat analyst at Carbonite + Webroot.

The New Standard of Ransomware

Hackers not only steal and lock files away, they also leak data in the most damaging way if a ransom settlement is not reached. And the new brand of ransomware spreads through networks and across businesses so you might fall victim even though it was your colleague or business partner that clicked on the wrong link.

These new methods helped skyrocket the average ransom payment to almost $150,000. Even worse, most ransom payments end up being around $50,000. The high average payment is buoyed by a few million-dollar ransoms, but most victims are small and medium businesses.

Fighting Back

Luckily, the news isn’t all bad. Yes, ransomware has had years to evolve into the juggernaut it is today. But analysts, security experts and threat researchers have also had time to craft new tools to keep people and businesses safe.

“It’s so much better modernizing your infrastructure up front in the appropriate defense in depth,” says Jon Murchison, CEO of Blackpoint Cyber. For Murchison, security efforts cannot wait until an attack happens; they need to be adopted in advance.

But the right tools, Murchison says, “will save you from a bad day or an existential day to your business.”

Check out episode 2 to learn more about how ransomware has evolved and how you can protect yourself in the face of these new threats.

Then stay tuned for Carbonite + Webroot’s episode 3 in our series on ransomware.

It’s time to ask: Is ransomware insurance bad for cybersecurity?

The issue at the heart of ransomware insurance will be familiar to most parents of young children: rewarding bad behavior only invites more of the same, so it’s generally not a good idea. But critics of the ransomware insurance industry argue that’s exactly what the practice does.

Ransomware insurance has by now long been suspected of excusing lax security practices and inspiring confidence among cybercriminals that they’ll receive a timely payment following a successful breach.

Exactly how widespread ransomware claims by businesses are is difficult to determine since companies don’t exactly jump at the chance to discuss their run-ins with ransomware publicly. But it’s safe to assume that claims have risen alongside an undeniable surge in ransomware attacks.

Another issue with the cyber insurance industry stems from the fact that paying a ransom is no guarantee that data will be returned. In our recent report on the hidden costs of ransomware, nearly 20 percent of respondents were not able to recover their data even after making an extortion payment.

The Paris-based insurance giant AXA broke new ground this year by announcing it would stop insuring against cyberattacks, citing a lack of guidance from French regulators about the practice. It’s worth remembering that the FBI “does not support paying a ransom in response to a ransomware attack.”

So, if U.S.-based insurers were to follow AXA’s logic, they too would stop covering ransomware payments. So far, few have. For now.

Doomed to be a short-lived sector?

The industry publication InsuranceJournal.com recently wrote in a post on its site that “pressure is building on the industry to stop reimbursing for ransoms.” Before ransomware went rampant, the article notes, cybersecurity insurance was a profitable sub-category of the insurance business as a whole. But those days may be numbered. The sector is now “teetering on the edge of profitability” according to the post’s author.

It’s well-known within cybersecurity circles that ransomware actors will conduct advanced research to determine if a potential target is insured. If so, it’s hardly a deterrent since it increases the likelihood a payment will be made.

It winds up being a self-reinforcing cycle. As ProPublica wrote in its study of the industry, “by rewarding hackers, it encourages more ransomware attacks, which in turn frighten more businesses and government agencies into buying policies.”

A commonly cited defense of ransomware insurance is that it not only protects against the cost of the ransom, but also against knock-on expenses from ransomware like downtime, reallocation of tech resources and reputational damage. We know from our own research that these costs can be significant, so there’s some validity to this argument.

But the real question the cyber insurance industry needs to answer is whether it can ever again be profitable. A recently released paper from the British defense think tank Royal United Services Institute (RUSI), titled Cyber Insurance and the Cyber Security Challenge, identified this as one of the key challenges to the industry’s viability.

That paper found that “there is arguably too little global premium to absorb losses from a systemic event.” In other words, the next NotPetya could sink the industry.

Ransomware on the whole has caused losses in the cyber insurance industry, not least because, “unlike the majority of risks insurers cover, ransomware attacks are both a high-impact and a high-probability risk.”

Addressing cybersecurity insurance shortfalls

Importantly, the RUSI paper in the end reported that it was unable to find empirical evidence that “cyber insurers may be unintentionally facilitating the behavior of cybercriminals by contributing to the growth of targeted ransomware operations.” While that fact undermines arguments that cyber insurers are a boon for ransomware actors, it doesn’t speak to the question of viability.

As with any nascent industry, ransomware insurance vendors have some tough issues to grapple with concerning how they do business. The “race to the bottom,” which RUSI describes as a combination of cheap premiums and loose restrictions on underwriting (not requiring basic cybersecurity measures as part of the deal, for example), represents the real risk to the industry.

It’s possible cyber insurance companies could drastically reduce claims by mandating a cyber resilience posture as a condition of being insured. Like a higher life insurance premium for a career stunt man, organizations without robust cybersecurity in place (including defense plus backup and restoration capabilities) could be forced to foot a higher bill. While this is already standard practice among many insurers, industry regulation may be required to prevent the opening of a market for insurers with more lax baseline cybersecurity requirements.

At the very least, insurers should insist on three core elements of cybersecurity strategy before underwriting:

  • Endpoint and network level security to guard against attacks. Devices secured with antiviruses and networks secured by DNS filters or firewalls should be the bare minimum requirement for protecting against ransomware attacks. Without them, ransomware actors are being invited in the front door.
  • Mandated ongoing security awareness training for employees. User-enabled breaches remain one of the most common causes of a successful ransomware attack. Without addressing end users’ tendency to fall for phishing and other social engineering attacks, while ransomware actors may find the front door locked, they know there’s a good chance it will be opened for them by someone on the inside.
  • Proven data backup and security protocols. Maintaining complete copies of mission-critical data is one of the simplest ways to undermine ransomware actors. By collectively removing this key piece of leverage, organizations can go a long way toward normalizing the non-payment of ransomware demands, easing the burden on cyber insurers.

Making the above the minimum standard for organizations would both minimize the damage caused by ransomware actors and increase the viability of ransomware insurance as an industry. By prioritizing cyber resilience over any one category of security, businesses can prevent breaches and get back to work more easily when they do occur.

As workforces migrate from offices, workflows migrate to the cloud

In March of 2020 schools throughout the United Kingdom closed their doors to try to stem the spread of the coronavirus. In addition to disruptions to the lives of students and their families, the pandemic put unprecedented pressure on IT departments across the UK and wider world.

Notoriously strapped for resources, many schools’ IT departments found themselves without access to server rooms and no way to troubleshoot for students and staff when grading, learning and teleconferencing applications encountered problems.

This situation was unfolding around the UK in 2020, which is why CloudHappi began searching for a solution for its clients. CloudHappi is a London-based provider of IT solutions tailored for the education sector. Determined to provide the best learning experience possible for remote students, the company began exploring opportunities for shifting the IT burden from on-premise servers to the cloud.

Unfortunately, many of the earlier solutions CloudHappi explored took up to 15 days to perform a complete migration, an unacceptable timeline for schools looking to establish some sense of normalcy as soon as possible. After finding Carbonite and its server migration solution, however, it was able to perform a complete migration for its first school within a single day.  

As a result, IT operations for the school experienced fewer disruptions, applications were easy to access and unfortunate circumstances for students were made a little easier to handle.

Many reasons to migrate

Schools across the UK and United States are planning to open in the fall, notwithstanding uncertainty caused by the spread of the virus’s Delta variant. Vaccinations in much of the world are prompting workers to return to offices and life to start to resemble its pre-pandemic state in many ways.

But in other ways, it may never again. By some estimates, less than 35% of workers have returned to office spaces. Many companies don’t plan on requiring their workforces to come back at all. Some business leaders see remote work as a net positive, giving them access to larger talent pools, reducing pollution, freeing up time spent commuting for more productive tasks and cutting facilities costs.

Whether inspired by downsizing office space or not renewing leases at all, there’s a good chance this shift in the workforce will require many more migrations from on-premise servers to the cloud. Not unlike in the case of UK schools, IT admins will require greater access to productivity solutions without the need for physical space in which to operate.

Aside from the flexibility of being able to access systems from anywhere, migrating to the cloud entails several knock-on benefits for businesses, whether MSPs or their clients.

  • Streamlined management – By offloading server management to a public cloud like Microsoft Azure or Amazon Web Services, businesses capitalize on all the economies of scale these companies have built over years of innovation and investment. Given the resources at their disposal, most cloud companies dwarf the capabilities of small IT teams.
  • Enhanced security – With well-developed security policies covering things like firewalls, open ports and security teams dedicated to uncovering and patching vulnerabilities, public cloud companies often offer better security coverage than small IT teams. Even as bigger targets compared to a self-managed small business, their available resources again give these companies the edge in terms of data security.
  • High-availability – Migrating data to the cloud also makes high-availability data replication possible for businesses. While large public cloud operations are highly reliable, outages do happen. When they do, high-availability cloud architecture can quickly switch to an unaffected server containing a byte-by-byte replica if the original happens to go down. Without a high-availability solution, to use our example of schoolchildren in the UK, video conferencing software may become inoperable and students unable to learn together. For a business, losing access to certain applications because of a cloud outage can spell disaster. If email systems or customer account portals become inaccessible, the costs can mount quickly.

In a sense, COVID-19 accelerated computing trends by years. While much work had been moving to the cloud for some time before the pandemic hit, the sudden need for a distributed workforce heightened its importance overnight. Luckily, migrating offers significant benefits for all types of organizations and looks to be well suited for the workforce of the future.

To learn more about the benefits of migrating to the cloud, visit the Carbonite Migrate page here.

Redundancy for resilience: The importance of layered protection in the cloud

At Carbonite + Webroot, we’re always preaching about the importance of layering security solutions. Because here’s the truth: data’s always at risk. Whether from cybercriminals, everyday mishaps or mother nature, businesses can put up all the defenses they want but disaster only has to successfully strike once.

The global pandemic means more work is being conducted in the cloud, so this is no time to be lax with the security of cloud backups. Unless protection is redundant, organizations risk losing mission-critical data – for minutes, days or permanently depending on the disaster – and putting their survival at risk.

That’s why layered protection in the cloud is so critical to cyber resilience. Without it, any one failure can be catastrophic.

So, how’s it done?

Let’s start with endpoints

For organizations managing hundreds or thousands of endpoints, backing each up to the cloud is important for keeping employees productive in the case of hardware failure, device theft, damage or malicious insiders. It’s easy to see how a laptop can be damaged, so it’s obvious for most that files stored locally should be backed up to the cloud.

But it’s also important to recognize that work done in the cloud should also be backed up. For example, one of the world’s most popular productivity tools for office workers, Microsoft 365, increasingly carries out its core functions in the cloud. But it has some serious gaps in terms of backup capabilities.

The average endpoint user may not know or care where important work files are stored, so long as they’re there when needed. This makes it important that Microsoft 365 data is backed up to the cloud – regardless of whether the user is aware if updates are being made locally or if the location is using its cloud capabilities.

Finally, but in the other direction, cloud-based cybersecurity offers another form of data security from the cloud. This method avoids the risk of endpoints relying on out-of-date file definitions of known-bad files, instead relying on near real-time threat telemetry from the cloud. This allows for the near real-time protection of all endpoints using the solution once a threat is identified.

But must also include servers

It’s less obvious to many of us that servers are at risk of becoming ground zero for data loss as well. Hardware sometimes fails, power cords can be tripped over, or worse…natural disasters can strike data centers, wiping out servers through fires, floods or other types of damage.

What good are endpoints without the servers that feed them information? Cloud computing technology offers a handful of flexible opportunities for backing up data housed on servers.

On-premise servers – used to store data locally based on a business’s preference, regulatory needs or other reasons – can and should still be backed up to the cloud in case of a localized outage. Usually this entails concentrating data within a single point of storage (a “vault”) that’s then bulk uploaded. This duplicated data can then be accessed in the event a physical location loses power or a fiber optic cable is severed by construction work, for example.

Off-premise server banks also can and should be protected by cloud backups. Many of these servers may store their data in public clouds, which are normally but not always highly reliable. Public cloud outages do happen. When they do, it pays to have another cloud backup solution to failover to so the business can continue to run.

Whether or not this data is stored in the cloud permanently or migrated there when needed, redundancy is established when on and off-premise server banks are backed up to the cloud.

Rounding out the redundancy is a disaster recovery as a service (DRaaS) solution. This form of high-availability replication anticipates a worst-case scenario for server data loss. With DRaaS, byte-level replication of changes on an organization’s systems is sent to the cloud. In the event of a disaster, you

Note that DRaaS is not to be confused with being a replacement for backup. These are two different solutions that can work perfectly well alongside each other. Backup should apply to every server in an environment and offers long term retention with flexible restore options.  DRaaS typically would be layered on top of backup, for the most mission critical servers, resulting in options to either restore from backup, or failover directly and rapidly to another cloud depending on the event that has rendered the production server or data inaccessible.

Maintain uptime, all the time

Threats to business data are all around us. Rates of ransomware are rising and remote workforces have ballooned since the outbreak of COVID-19. This is no time to trust in a single cloud as an organizational backup strategy. No single point of failure should keep users from accessing business-critical data. Luckily, there are many options for designing layered backup across clouds.

What’s the difference between high availability and backup again?

It’s not just that they’re making headlines more often. Ransomware rates really are rising. Given the recent spate of high-profile attacks, it’s worth remembering the difference between standard backup and high-availability replication.

Our research suggests that the costs of ransomware for businesses can amount to much more than an extortion payment. They include lost hours of productivity, reputational damage, compliance fines and more. But maintaining access to critical data at all times can undermine ransomware actors’ leverage over an organization, reduce recovery time and earn the good graces of regulators and the public.

Ultimately, doing so comes down to answering the question: what data does my business simply need to back up, and what data can my business simply not do without? Knowing the difference helps to determine the Recovery Time Objective (RTO) for a given type of data or application.

A 24-hour recovery time may fall within the RTO for non-essential data and applications. For mission-critical data, on the other hand, a 24-hour recovery period may exceed the acceptable amount of time to be without access to data. It could drive up the cost of data breach significantly, perhaps even higher than a ransomware payment.

It may also come down to the amount of changed data that can acceptably be lost. Knowing the acceptable Recovery Point Objectives (RPOs) can be as important as knowing the required RTOs. For instance, a highly transactional system performing critical Online Transaction Processing (OLTP) could not afford the loss of data that occurred between backup cycles.

Well-designed data backup plans tend to be a blend of both standard backup and high availability, so it helps to know the difference when determining which is the better fit for a given system, application or set of data.

Data backup

There are all sorts of good reasons to keep regular, reliable backups of business systems. These may concern the normal conveniences of document retention – not having to begin a project from scratch in the case of accidental deletion, for instance – or to satisfy industry or legal compliance regulations.

These backups are taken at pre-determined time intervals, typically once a day during non-working hours, and stored on a backup server. Often backups will be given an associated value called a retention. A retention allows an organization to keep certain backups for a longer period of time. For instance, a business may decide it’s necessary to keep daily backups for a total of 30 days. But due to storage concerns, they will drop off the server on day 31. However, regulations or corporate policies may require keeping certain backups longer, so often they will designate a monthly or a yearly backup that has an extended retention for one or even up to seven years.
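The retention scheme just described can be expressed as a small pruning routine. This is an added example, not code from the original article or any Carbonite product; the rule for which backup counts as the monthly or yearly, the split of one year for monthlies and seven for yearlies, and the sample dates are assumptions.

```python
from datetime import date, timedelta

# Retention in days per role. The 30-day daily window and the one- and
# seven-year figures are the text's; applying one year to monthlies and
# seven to yearlies is this example's assumption.
RETENTION_DAYS = {"daily": 30, "monthly": 365, "yearly": 7 * 365}


def classify(backup_dates):
    """Give each backup its longest-lived role.

    Assumption: the first backup present in a calendar month is that month's
    "monthly", and the first present in a calendar year is its "yearly".
    """
    roles, seen_months, seen_years = {}, set(), set()
    for d in sorted(set(backup_dates)):
        role = "daily"
        if (d.year, d.month) not in seen_months:
            seen_months.add((d.year, d.month))
            role = "monthly"
        if d.year not in seen_years:
            seen_years.add(d.year)
            role = "yearly"
        roles[d] = role
    return roles


def expired(backup_dates, today):
    """Return the backups that may be deleted on `today`, oldest first.

    A backup taken `today` is on day 1 of its retention, so a daily is
    dropped once its age reaches 30 days (day 31).
    """
    roles = classify(backup_dates)
    return [d for d in sorted(roles)
            if (today - d).days >= RETENTION_DAYS[roles[d]]]


def sample_backups():
    """Constructed input: one backup per night, 2020-12-01 to 2021-06-30."""
    start = date(2020, 12, 1)
    return [start + timedelta(days=n) for n in range(212)]


if __name__ == "__main__":
    backups = sample_backups()
    for run_date in (date(2021, 6, 30), date(2022, 3, 1)):
        gone = set(expired(backups, run_date))
        kept = [d for d in backups if d not in gone]
        print(run_date, "delete", len(gone), "keep", len(kept))
```

On the first run date only the last 30 nightly backups, four monthlies and two yearlies survive; by the second, the monthlies older than a year have aged out as well.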

Recently, backup servers have been targeted by ransomware actors.  Criminals will study an organization’s environment and specifically backup services. Therefore, it’s extremely important to have a backup for the backup. One of the preferred methods is a secondary cloud copy of the backup server.  Since the cloud copy sits on a separate network, it provides a layer of security making it more difficult to span the separate cloud network and target the secondary backup copy.

In most cases, backups like those discussed above have recovery times of hours for a localized power outage or even days for a flooded server room, for example. For an HR system, this RTO may be acceptable. For a point-of-sale system, this could mean significant lost revenue.

High availability

When a backup’s RTO and RPO values do not meet the needs for recovering a company’s critical systems (OLTP servers, for instance), high-availability replication is an effective alternative for ensuring required operational performance levels are met. High-availability replication accomplishes this by keeping an exact copy of critical servers, maintained by real-time, byte-level replication, which remains powered off until needed.

When that time comes, a failover procedure is initiated, and the copy assumes the role of the production system. The failover process typically occurs within a matter of seconds or minutes, depending upon the server configuration or network latency. In cases of hardware failure or data center disasters, high-availability replication can stave off a data loss disaster.

However, since replication is real-time, an offline copy can be corrupted if the primary is attacked by ransomware. Therefore, system snapshots may be required to maintain clean point in time copies of the system. Snapshots are typically non-intrusive, do not noticeably delay replication and provide a failover with a better RPO than backup.
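To make the RTO/RPO comparison between nightly backup, a live replica and replica snapshots concrete, the following added example (not from the original article) ranks the copies that predate a ransomware incident. The timestamps, restore times, objectives and the `first_malicious_write` estimate are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Copy:
    name: str
    kind: str                # "backup", "snapshot" or "replica"
    as_of: datetime          # point in time the copy reflects
    restore_time: timedelta  # measured in the last recovery test


def recovery_options(copies, first_malicious_write, rpo, rto):
    """Rank the copies that predate the attack, least data loss first.

    Any copy reflecting state at or after the first malicious write is
    dropped: a real-time replica has already received the encrypted data.
    """
    options = []
    for c in copies:
        if c.as_of >= first_malicious_write:
            continue
        loss = first_malicious_write - c.as_of
        options.append({
            "name": c.name,
            "kind": c.kind,
            "data_loss": loss,
            "meets_rpo": loss <= rpo,
            "meets_rto": c.restore_time <= rto,
        })
    return sorted(options, key=lambda o: o["data_loss"])


# Constructed incident for an OLTP server: encryption is estimated to have
# started at 10:42 and was detected at 11:05.
FIRST_WRITE = datetime(2021, 7, 14, 10, 42)
RPO = timedelta(hours=1)      # assumed objective
RTO = timedelta(minutes=30)   # assumed objective
SAMPLE_COPIES = [
    Copy("nightly-0713", "backup", datetime(2021, 7, 13, 1, 0), timedelta(hours=6)),
    Copy("nightly-0714", "backup", datetime(2021, 7, 14, 1, 0), timedelta(hours=6)),
    Copy("snap-1000", "snapshot", datetime(2021, 7, 14, 10, 0), timedelta(minutes=5)),
    Copy("snap-1030", "snapshot", datetime(2021, 7, 14, 10, 30), timedelta(minutes=5)),
    Copy("snap-1100", "snapshot", datetime(2021, 7, 14, 11, 0), timedelta(minutes=5)),
    Copy("live-replica", "replica", datetime(2021, 7, 14, 11, 5), timedelta(minutes=2)),
]

if __name__ == "__main__":
    for o in recovery_options(SAMPLE_COPIES, FIRST_WRITE, RPO, RTO):
        print(o["name"], o["data_loss"], o["meets_rpo"], o["meets_rto"])
```

With this data the live replica and the 11:00 snapshot are rejected, the 10:30 snapshot loses 12 minutes and meets both objectives, and the newest nightly backup loses nearly ten hours and meets neither.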

As with backup, an off-site cloud solution can step in if on-site servers are out of commission. Latency can slightly lengthen recovery as the off-site cloud boots up, but the time to recovery still feels like a blip to users or customers.

For some organizations there may be no data critical enough to warrant implementing this high-availability architecture. For others, all data may be considered essential. For most, the reality will fall somewhere in the middle. If companies are highly regulated or mandated by specific corporate retention requirements, a combination of high-availability replication and backup will likely exist for the same server.

Ensuring resilience against ransomware

In a blended backup/high-availability strategy, what matters most is deciding which systems are backed up by which before the worst happens. Whether handling backup for your own organization or for clients’, it’s important to have a well-tested backup plan in place that takes in RTOs based on acceptable amounts of downtime for data and applications.

4 ways ransomware can cost your business (in addition to extortion)

Cybersecurity analysts are charting a rise both in ransomware incidents and in the amounts cybercriminals are demanding from businesses to restore their data. That’s bad news in itself, but what’s often overlooked are the additional ways – beyond payments victims may or may not choose to make – victims pay for these attacks.

Our latest threat report found the average ransomware payment peaked in September 2020 at more than $230 thousand. But the ransom alone doesn’t tell the whole story. To do that, we conducted another study to tally and quantify the collateral damage from surging ransomware incidents and rising extortion amounts.

These are some of the effects inflating the price tag of an attack, which we call The Hidden Costs of Ransomware.

1. Lost productivity

Our survey data found that hours of lost productivity from a ransomware incident were closely related to the length of time to discovery of the attack. Generally, faster detection meant limiting the spread of the infection and less time spent on remediation. In other words, the further ransomware spreads the longer it takes to eradicate. Unfortunately, almost half (49%) of respondents to our survey reported being unaware of the infection for more than 24 hours.

A third of incidents were reportedly remediated in 1-3 hours, while 17 percent required 3-5 days of effort. We attempted to quantify these lost hours based on hours spent on remediation (easily measurable) and the opportunity costs from diverting resources from IT teams’ “blue sky” responsibilities (tougher to measure).

Factoring in varying costs of IT resources, we determined low/high cost estimates for hours of remediation reported by survey respondents. These ran from $300/$750 for three hours of remediation to $4,000/$10,000 for five workdays of remediation. (A full breakdown is available in the report.)

2. Downtime costs

Regardless of whether an organization decides to pay a ransom, how long does it take to return to normal operations?

In our study, businesses that didn’t pay ransoms recovered their data quicker than those that did. Specifically, 70 percent of companies that didn’t pay a ransom were able to recover their data within a business day, compared to 46 percent that did.

Presumably this has to do with whether a target had readily available backups, and lost time due to back and forth with extortionists or time spent making a payment.

One of the most important factors in determining downtime costs is specifying the value of the data that’s become unavailable. Is it critical to conducting business operations? Or is it nice to have but not essential like marketing or prospecting data?

Determining data’s value helps businesses formulate their recovery time objectives (RTOs). For non-critical data and applications, a 24-hour recovery time may fall within the RTO. For mission-critical data, a 24-hour recovery may exceed the tolerable limit and help drive the cost of downtime higher than the ransom itself.

3. Impact on client operations

Nearly half (46%) of the businesses in our survey reported client operations being adversely affected by a ransomware incident at their own company. This could quickly sever business relationships that take a long time to build and result in the loss of anticipated revenue. But that’s not even the riskiest aspect of client operations being affected.

The implications of supply chain attacks, especially for MSPs, came into sharper focus last year following the SolarWinds attack. Were a cybercriminal to compromise a trusted supplier to distribute ransomware, rather than for surveillance as in that attack, the costs could be enormous.

MSPs should seriously consider the possibility of becoming the source for such a supply chain attack, especially those with clients in critical industries like energy, public utilities, defense and healthcare.   

4. Brand and reputational damage

Consider the headlines and airtime generated by ransomware attacks against high-profile targets. A Google search of “Garmin ransomware,” for instance, returns more than 1 million results. While your organization may not be a global tech giant, it also likely doesn’t have the staying power of one.

In our study, 38 percent of businesses admitted their brand was harmed by a run-in with ransomware. Beyond lost customers, publicity issues could force businesses to enlist the services of expensive PR or communications firms to repair the damage.

Businesses with the resources to do so should consider themselves lucky, because the alternative is worse. Silence or an uncoordinated response to a ransomware attack – especially one that affects customers – can come off as unserious, callous or ineffective.

Reputational damage in an age of heightened sensitivity to cybersecurity incidents can have significant consequences. Our data shows that 61 percent of consumers switched some or all their business to a competing brand in the last year, and 77 percent admit they retract their loyalty now quicker than they once did.

The list goes on…

By no means is this an exhaustive list of the hidden costs of ransomware. They extend to fines for breaches of compliance regulation, the rising costs of cybersecurity insurance and a host of other unforeseen consequences.

For the complete findings from our survey and our recommendations for not encountering these hidden costs, download the full report.
