Girl Scouts and OpenText empower future leaders of tomorrow with cyber resilience

The transition to a digital-first world enables us to connect, work and live in a realm where information is available at our fingertips. The children of today will be working in an environment of tomorrow that is shaped by hyperconnectivity. Operating in this...

World Backup Day reminds us all just how precious our data is

Think of all the important files sitting on your computer right now. If your computer crashed tomorrow, would you be able to retrieve your important files? Would your business suffer as a result? As more and more of our daily activities incorporate digital and online...

3 Reasons We Forget Small & Midsized Businesses are Major Targets for Ransomware

The ransomware attacks that make headlines and steer conversations among cybersecurity professionals usually involve major ransoms, huge corporations and notorious hacking groups. Kia Motors, Accenture, Acer, JBS…these companies were some of the largest to be...

How Ransomware Sneaks In

Ransomware has officially made the mainstream. Dramatic headlines announce the latest attacks and news outlets highlight the staggeringly high ransoms businesses pay to retrieve their stolen data. And it’s no wonder why – ransomware attacks are on the rise and the...

An MSP and SMB guide to disaster preparation, recovery and remediation

Introduction It’s important for a business to be prepared with an exercised business continuity and disaster recovery (BC/DR) plan plan before its hit with ransomware so that it can resume operations as quickly as possible. Key steps and solutions should be followed...

Podcast: Cyber resilience in a remote work world

The global pandemic that began to send us packing from our offices in March of last year upended our established way of working overnight. We’re still feeling the effects. Many office workers have yet to return to the office in the volumes they worked in pre-pandemic....

5 Tips to get Better Efficacy out of Your IT Security Stack

If you’re an admin, service provider, security executive, or are otherwise affiliated with the world of IT solutions, then you know that one of the biggest challenges to overcome is efficacy. Especially in terms of cybersecurity, efficacy is something of an amorphous...

How Cryptocurrency and Cybercrime Trends Influence One Another

Typically, when cryptocurrency values change, one would expect to see changes in crypto-related cybercrime. In particular, trends in Bitcoin values tend to be the bellwether you can use to predict how other currencies’ values will shift, and there are usually...

Threat hunting: Your best defense against unknown threats

Threat actors are becoming more sophisticated, agile and relentless in their pursuit of stealing personal information for financial gain. Rapid and evolving shifts in the threat landscape require the knowledge and solutions to prepare and prevent threats that could spell disaster for organizations’ reputations and operations.

Organizations of all sizes remain at risk. Small to medium-sized businesses (SMBs) and managed service providers (MSPs) are especially vulnerable to the stealth efforts of bad actors. With fewer financial resources, a ransomware payment demand could mean the difference between staying in business and closing up shop.

Government entities are also prone to attack. In December 2021, Belgium’s Ministry of Defence experienced a cyberattack exploiting the Log4j vulnerability that paralyzed the ministry’s computer network. Within the same month, Australia’s utility company, CS Energy, experienced a ransomware attack involving the well-known ransomware Conti.

Evolving cyber threats can be unpredictable, but that doesn’t mean businesses have to tackle them alone. A robust security stack can help businesses stay protected and prepared. Establishing this level of resilience involves partnering with a provider that has human-powered threat hunting resources.

What is threat hunting?

Threat hunting involves actively searching for adversaries before an attack is carried out. Threat hunting involves the use of tools, intelligence and analytics combined with human intervention. Threat hunting centers around the proactive containment and identification of potentially damaging files before malicious vectors can cause severe damage to an organization’s operations.

What does a threat research analyst do?

“At Webroot, we focus our efforts on analyzing customer data. Our threat research analysts examine this data to determine if malicious files are present. Our analysts are constantly looking for files that possess certain characteristics that make up various types of malware. If we identify and determine that critical elements of a suspicious file are present, we classify and block them. Making determinations can be approached in different ways. One avenue of determination is carried out by creating isolated conditions to run the suspicious file to see what results it presents,” says Marcus Moreno, manager, threat research at Carbonite + Webroot, OpenText companies.

“Since our database is comprised of mass quantities of SMB and MSP data, we can continue to make determinations from a large and evolving data set. This is why SMBs and MSPs can derive value from partnering with Webroot,” adds Moreno.

Take your security stack to the next level

Cyberattacks will continue to be a concern for businesses, governments and individuals. Combatting cyber threats means adopting a cyber resilience approach. Cyber resilience is the ability to remain operational in the face of threats – whether human or maliciously-based. One important element of a solid cyber resilience strategy is to remain in a pre-emptive and proactive stance. Avoid costly ransomware payment demands, bolster customer confidence and minimize downtime for business operations by investing in a solutions provider backed by threat hunting capabilities.

Discover how Webroot’s solutions can protect your business.

Report: Phishing Attacks Sustain Historic Highs

Phishing attacks sustain historic highs

In their latest report, IDG and the pros behind Carbonite + Webroot spoke with 300 global IT professionals to learn the current state of phishing. We learned that 93% of IT executives are still concerned about phishing – and it’s no wonder, as companies averaged 28 attacks each over the previous 12 months.

Luckily, the report details how to fight back. With the right preparation and the right protection, companies can prevent all but 0.3% of attacks.

Phishing capitalizes on COVID

Phishing attacks have been part of the cybercriminal arsenal for years. But it’s only recently that phishing has flourished into the scourge it is today. That’s because cybercriminals have found success by targeting COVID-19 fears with their schemes.

In fact, phishing attacks spiked by 510% from just January – February 2020, according to the 2021 Threat Report. These increases leveled off by the summer, but phishing attacks still increased 34% from September – October 2020. Overall, 76% of executives report that phishing is still up compared to before the pandemic.

COVID-based tactics might purport to have new info on a shutdown, to share COVID stats or even suggest info from your doctor. But in each case, cybercriminals are looking to steal your information.

Who’s getting attacked?

IT departments are feeling the brunt of these attacks, with 57% of them targeted by phishing. Carbonite + Webroot Sr. Security Analyst Tyler Moffitt says, “Even if malware targets someone with lower-level access, the attack will move laterally to eventually find an IT administrator.”

He goes on to say that attackers can then linger for a week or more to find valuable data or steal a balance sheet that gives an indication of how much ransom to charge.

Because they often have important credentials, top executives and finance groups are also common targets. Public-facing customer service employees also offer easy access.

Consequences of phishing

75% of global IT executives say they’ve suffered negative consequences from phishing attacks. That includes:

  • 37% suffered downtime lasting more than a day
  • 37% suffered exposure of data
  • 32% lost productivity
  • 19% had to pay legal or regulatory fines

A layered approach to security

But it’s not all bad news. Yes, phishing is using new tactics to target businesses. But there are ways to fight back.

The report cites training as one of the most effective tools. But the frequency of training varies greatly, and 25% of those who use it don’t include phishing simulations. By using security awareness training that offers regular simulations, you can reduce phishing by up to 70%.

But even with great training, the report notes that people will still click some of the time. That’s why a multi-layered approach gives peace of mind that not all is lost if one person messes up.

No layer is 100% effective, but taken together many layers get very close. A defense in depth security posture utilizing DNS and endpoint detection as well as a sound backup strategy can give you confidence that you’re prepared to withstand even a successful phishing attack.

Ready to start protecting yourself and your business? Explore how Carbonite + Webroot provide a full range of cyber resilience solutions.

Download the IDG report.

The Benefits of Using a VPN on Your Home Network

If you’ve considered using a virtual private network (VPN) at all, it’s likely to establish a secure connection while working remotely or to connect to public networks. But privacy enthusiasts appreciate the benefits of a VPN even from the comfort of their own homes. Depending on your level of comfort with your internet service provider (ISP) – and what country you live in – setting one up for your household may be a smart bet.

Before diving into why, here is a brief refresher on what a VPN is and why they’re useful.

The VPN basics

Think of a VPN as a tunnel your internet traffic travels through to keep nosy onlookers from being able to see what you’re doing online. More literally, VPNs are tools used to encrypt network traffic and to hide a user’s IP address by masking it with a proxy one – in this case one belonging to the VPN provider.

A VPN may route your encrypted traffic through a datacenter located anywhere in the world (though it’s best when it’s nearby so the user’s experience doesn’t suffer).

Why would one want to use a VPN?

Typically, they’re used by individuals logging onto public networks as an assurance their activities won’t be monitored. In addition to maintaining privacy, this also prevents cybercriminals from stealing sensitive data from banking transfers, paying bills or conducting other sensitive transactions from places like airports or coffee shops.

Corporations may also mandate the use of VPNs for remote workers so that sensitive company data is more difficult to compromise. To protect against data breaches or other leaks, network administrators typically encourage encrypting traffic using a tool like a VPN.

Check out this post for more on why you should use a VPN on public networks.

Do you need to use a VPN at home?

 It depends on a number of factors.

It depends on where you live and how private you want to keep your web browsing habits. Physical location is a factor because, in the United States, it’s been legal since 2017 for ISPs to sell certain data they’re able to gather unless the customer explicitly opts out. Most major ISPs claim to not sell user data, especially anything that can be used to identify the user, but it’s technically not illegal.

In countries where this practice is prevented by law, users may have fewer privacy concerns regarding their ISP. In the European Union, for example, strict privacy standards laid out in the General Data Protection Regulation (GDPR) prevent even the gathering of user data by ISPs. This makes the case for a VPN at home harder to make, since most websites already encrypt data in transit and home networks are unlikely to be targeted by things like man-in-the-middle attacks.

For U.S. users, though, using a VPN at home makes good privacy sense. Despite some attempts to learn what major ISPs do with our data, they’re not always forthright with their policies. There are also no guarantees an ISP won’t suddenly change those policies regarding the sale of user data.

If you don’t want to leave the issue up to your ISP, shielding personal data with a VPN is a good choice.

Choose your VPN wisely

If you’re not careful, your VPN can end up doing the same thing you got it to avoid.

“If you’re not paying for it, you are the product,” or so the saying goes. This is especially true for many free VPN services. Free solutions often track and sell your browsing data to advertisers to generate revenue. Be sure to choose a “no-log” solution that doesn’t track your online activity for sale to third-parties.

It’s also important you choose a VPN from a vendor that:

  • Is established enough to have access to servers worldwide
  • Has a professional support team on-staff and available to assist with any issues  
  • Is easy to configure and simple to use, so you actually will!

After checking these boxes, it’s a smart choice to use a VPN at home under some circumstances.

For a proven, reliable solution, consider making Webroot® WiFi Security your VPN of choice on the go and at home.

Data Privacy Week 2022: The Security Awareness Canary in the Coalmine

Whether you’re shopping for the latest tech gadgets or checking your work email, your online presence is susceptible to malicious threats. No industry or sector is immune. Even in the early days of 2022, a hospital in Jackson, Florida, experienced a ransomware attack that left medical professionals struggling to access patient records. Attacks like this not only have implications for patient care, but they also serve as a stark reminder of ongoing privacy issues in the online realm. As consumers and businesses are becoming increasingly more concerned about their data privacy, understanding how to protect that information becomes vital.

This week, the global community is rallying together to raise awareness about online privacy through Data Privacy Week.

What is Data Privacy Week?

Data Privacy Week began as a day of awareness in the United States, Canada and Europe and to commemorate the signing of Convention 108, the first internationally binding agreement addressing privacy and data protection. This year, the initiative has expanded to a week-long effort to generate awareness.

As data privacy and security implications become important for both businesses and individuals, there are a series of steps everyone can take:

  • Adopt privacy mindfulness. Whether it’s for your home or your business, ensure you take privacy into account when you agree to the terms and conditions of items available for download from the internet or when you create a program that may expose your employees to online risk.
  • Educate yourself. Avoid common attempts to compromise your information and identity by investing in security awareness training. Participate in simulated modules to test your knowledge and learn what traps to avoid.
  • Back up your precious files. Not ready to part with your personal information? Make sure it’s backed up. That way, if you experience accidental or malicious data loss, your information is secure and accessible.
  • Use antivirus software. Ensure online activities like shopping and browsing are secure by investing in a reliable antivirus. Adhere to updates and always renew your subscription to avoid a lapse in protection.
  • Partner with a reliable provider. Some providers offer free protection and backup solutions, but can you really trust them? Always do your research and select a reputable provider to keep your devices and data safe.

From the rise of ransomware as a service (RaaS) to the use of malware to disrupt the political landscape, security, privacy and governance remain at a crossroads. With no signs of a resolution apparent, it’s important for everyone to take stock of their security stack.

One reliable approach is to adopt cyber resilience. Cyber resilience is a multi-layered, defense in depth strategy to ensure continuous access to your personal and business data no matter what happens.  Establishing cyber resilience begins by assessing your current defense approach and employing the tools and know-how to remain protected and prepared for unknown threats. Whether it’s taking the time to educate your staff, upgrading your antivirus solution or investing in a reliable backup provider, make cyber resilience a priority.

This Data Privacy Week, let’s move beyond just becoming more aware of bad actors. Let’s take action to protect our data and our privacy. 

Security awareness training: An educational asset you can’t be without

The onset of COVID-19 accelerated growth of the digital nomad. No longer just for bloggers and influencers, the global workforce is increasingly becoming more highly connected and widely dispersed. As workforces become more globally linked, businesses large and small need to protect themselves from evolving threats. Employees represent the first line of defense from malicious vectors that attempt to compromise your organization’s information technology infrastructure through common access points.

With approximately 1 in 10 malicious sites hosted on a benign domain, could you spot the difference? Being aware is the first step towards protecting your business. Security awareness training (SAT) can help.

What is Security Awareness Training?

Security awareness training is a proven, knowledge-based approach to empowering employees to recognize and avoid security compromises while using business devices. Through a series of effective delivery modules, SAT provides employees with relevant information and knowledge on topics like social engineering, malware, compliance and information security.

Effective security awareness training can significantly boost your organization’s security posture. Simply put, this type of training empowers your team to remain vigilant against cyber scams or attacks that prey on human error.

Why Webroot?

Webroot® Security Awareness Training offers your business an easy to implement training program that helps to reduce the risk of security breaches. Through a series of simulations based on real-world attacks, employees gain the know-how to spot common scams, including phishing attempts that could wreak havoc on your IT infrastructure. Webroot’s training has been recognized as a Strong Performer in The Forrester Wave™: Security Awareness and Training Solutions category. Our industry-first, global management features allow you to spend less time deploying our solution and more time reaping the benefits for your business.

Here’s why Webroot® Security Awareness Training adds value:

Proven efficacy. With computer-based training, your employees will be able to drastically reduce the odds of clicking on a malicious link within a short period of time.

Relevant and current effective training. Experience over 120 courses at one inclusive rate. Course topics include cybersecurity, phishing and General Data Protection Regulation (GDPR). Webroot has 85 micro learning modules that can be completed in 10 minutes or less. With multiple media formats, extend your reach with infographics, videos and posters.

Fully customizable phishing simulator. Over 200 real-world templates for everyday scenarios, including shipping alerts, vendor invoices, missed delivery, human resource policy changes, account lockout, critical software updates and more.

Trackable campaigns. Successfully monitor and track your employees’ success within a built-in learning management system (LMS). LMS automatically keeps track of participation, sends reminders and schedules reports for review. Reports can be shared with management to show progress and accountability. 

Give your employees the know-how to combat cyber threats

To reduce infections, cut downtime and ensure your business remains resilient against evolving cyberattacks, security awareness training is a must. From compliance training to spotting phishing attacks, training is a critical element of developing and maintaining a robust cyber resilience posture.

Maximize your ability to protect your business with security awareness training. Whether you’re an enterprise, SMB or MSP, make security awareness training part of your regular cyber education routine.

Prevent costly security breaches with Webroot® Security Awareness Training.

To get started with a free trial, please visit, https://www.webroot.com/ca/en/business/trials/security-awareness

Pro tips for backing up large datasets

Successfully recovering from disruption or disaster is one of an IT administrator’s most critical duties. Whether it’s restoring servers or rescuing lost data, failure to complete a successful recovery can spell doom for a company.

But mastering the recovery process happens before disaster strikes. This is especially true for large datasets. Our breakdown is here to help you along the way. We also have an even more detailed walkthrough for how to back up large datasets.

Large datasets have lots of variables to consider when figuring out the ‘how’ of recovery. After all, recovery doesn’t happen with the flip of a switch. Success is measured by retrieving mission critical files in the right order so your business can get back to business.

5 essential questions to ask before backing up large datasets

IT pros know that a successful recovery takes trial and error, and even a bit of finesse. And with many things in life, a bit of preparation can save a lot of downtime. So before you start, ask yourself these questions:

  1. What’s my company’s document retention policy? (And don’t forget regulatory requirements like GDPR)

First, you need to ensure you satisfy your company’s retention policy and that you’re in compliance with any regulatory requirements when choosing what to backup. Before sifting through your data and making hard decisions about what to protect, you need to take this important step to make sure you don’t run afoul of legislation or regulations.

Once in full compliance with company policies and regulations, it’s time to highlight any data that affects the operations or the financial health of the business. Identifying mission critical data allows you to prioritize backup tasks based on desired recovery options.

You can also exclude data that isn’t mission critical and isn’t covered by regulations from regular backup scheduling. Any bandwidth you save now will give you added flexibility when you make it to the last step.

  • What types of data do I have (and can I compress it)?

Data is more than 1s and 0s. Some datasets have more redundancy than others, making them easier to compress while images, audio and video tend to have less redundancy. Your company might have a lot of incompressible images leading you to utilize snapshot or image backup. This allows you to move large datasets over a network more efficiently without interrupting critical workflows.

  • How frequently do my data change?

The rate of change for your data will determine the size of your backups and help you figure out how long it will take to recover. That’s because once you have an initial backup and complete the dedupe process, backups only need to record the changes to your data.

Anything that doesn’t change will be recoverable from the initial backup. Even with a very large dataset, if most of your data stays static then you can recover from a small disruption very quickly. But no matter the rate of change, anticipating how long it will take to recover critical data informs your business continuity plans.

  • What size backup will my network support?

Bandwidth capacity is a common denominator for successful recoveries. It’s important to remember that you can only protect as much data as your network will allow. Using all your bandwidth to make daily backups can grind business to a halt. This is where your preparation can help the most.

Once you’ve answered the first four questions, you should know which data need to be accessible at any hour of the day. You can protect this data onsite with a dedicated backup appliance to give you the fastest recovery times. Of course, you’ll still have this data backed up offsite in case a localized disaster strikes.

Money matters

IT assets cost money and often represent large investments for businesses. New technologies bring advancements in business continuity but can also add complications. And to top it all off, IT ecosystems increasingly must support both legacy technology and new systems.

Some vendors are slow to adapt new pricing models that fit with emerging technologies. They add on excessive overage charges and ‘per instance’ fees. This adds costs as businesses scale up their environments – more servers, databases and applications increasingly escalate prices.

Finding the right partner

That’s why it’s so important to work with a vendor that offers unlimited licensing. You’re empowered to protect what you need and grow your business without worrying about an extra cost. Most importantly, businesses shouldn’t have to skimp on protection because of an increase in price.

Time to get started

Protecting large datasets goes beyond just flipping a switch. Preparation and careful consideration of your data will help you land on a strategy that works for your business.

Interested in learning more about Carbonite backup plans?

Explore our industry leading solutions and start a free trial to see them in action.

2022: The threat landscape is paved with faster and more complex attacks with no signs of stopping

2020 may have been the year of establishing remote connectivity and addressing the cybersecurity skills gap, but 2021 presented security experts, government officials and businesses with a series of unprecedented challenges. The increased reliance on decentralized connection and the continued rapid expansion of digital transformation by enterprises, small to medium-sized businesses (SMBs) and individuals, provided cybercriminals with many opportunities to exploit and capitalize on unsuspecting businesses and individuals. With nothing short of a major financial windfall waiting in the midst, numerous organizations and individuals fell victim to the mischievous efforts of malicious actors.

Threats abound in 2021

In 2021, we witnessed so many competing shifts, many of which we detailed early on in our 2021 BrightCloud® Threat Report. In particular, we witnessed an increase in distributed denial of service (DDoS) attacks and a surge in the usage of the internet of things (IoT). For enterprises, SMBs and individuals that entrust IoT devices for work and entertainment, this opens up vulnerabilities to malicious vectors that take advantage of unprotected blind spots and wreak havoc.

The cybercrime marketplace also continued to get more robust while the barrier to entry for malicious actors continued to drop. This has created a perfect breeding ground for aspiring cybercriminals and organized cybercrime groups that support newcomers with venture capitalist-style funding.

Suffice to say, a lot has been happening at once.

Below, our security experts forecast where the main areas of concern lie in the year ahead.

Malware

Malware made leaps and bounds in 2021. In particular, six key threats made our list. These dark contenders include LemonDuck, REvil, Trickbot, Dridex, Conti and Cobalt Strike.

“In 2022, the widespread growth of mobile access will increase the prevalence of mobile malware, given all of the behavior tracking capabilities,” says Grayson Milbourne, security intelligence director, Carbonite + Webroot, OpenText companies. Malicious actors will continue to improve their social engineering tactics, making it more difficult to recognize deception and make it increasingly easier to become a victim, predicts Milbourne.

Ransomware

Earlier in 2021, we detailed the hidden costs of ransomware in our eBook. Many organizations when faced with an attack, gave into the demands of threat actors, paying hundreds of thousands of dollars on average. Since mid-October 2021, there have been more than 25 active strains of ransomware circulating. The evolution of ransomware as a service (RaaS) has vastly proliferated. Conti, in particular, continues to be the more prevalent ransomware affecting SMBs.

“As the year progresses, we will likely see faster times to network-wide deployment of ransomware after an initial compromise, even in as little as 24 hours,” says Milbourne.

“Stealth ransomware attacks, which would deploy all the necessary elements to control, exfiltrate and encrypt key assets of an organization but do not execute until there is no alternative, will likely continue to proliferate,” says Matt Aldridge, principal solutions consultant at Carbonite + Webroot. “This approach will be used to get around restrictions on reporting and on ransomware payments. Criminals can extort their targets based on the impending threat of ransomware without ever having to encrypt or exfiltrate the data. This could lead to quicker financial gains for criminals, as organizations will be more willing to pay to avoid generating awareness, experiencing major downtime or incurring data protection fines,” forecasts Aldridge.

Cryptocurrency  

There was no shortage of discussion surrounding cryptocurrency and its security flaws. The rise of exchange attacks grew, and quick scams reigned. The free operation of cryptocurrency exchanges and marketplaces will be significantly impacted by government regulation and criminal investigation in 2022, especially in the United States.

“This year, we will likely see new threat actors become strategic in their cost-benefit analysis of undertaking long-term mining versus short-term ransomware payments. The focus will likely fall to Linux and the growth of manipulation of social media platforms to determine price,” predicts Kelvin Murray, senior threat researcher, Carbonite + Webroot.

Supply chain

“Simply put, attacks on the supply will never stop; it will only get worse,” says Tyler Moffitt, senior security analyst at Carbonite + Webroot. Each year the industry gets increasingly stronger and more intelligent. Yet every year, we witness more never-before-seen attacks and business leaders and security experts are constantly looking at each other thinking, “I’m glad it wasn’t us in that supply chain attack,” continues Moffitt.

General Data Protection Regulation (GDPR) fines have more than doubled since they came out a few years ago just as ransom amounts have increased. These fine values have also been promoted on leak sites. Moffitt predicts GDPR will continue to increase their fines, which may serve to help, instead of thwart, the threat of ransomware extortion.

Phishing

Last year, we forecasted phishing would continue to remain a prevailing method of attack, as unsuspecting individuals and businesses would fall victim to tailored assaults. In our mid-year BrightCloud® Threat report, we found a 440% increase in phishing, holding the record for the single largest phishing spike in one month alone. Industries like oil, gas, manufacturing and mining will continue to see growth in targeted attacks. Consumers also remain at risk. As more learning, shopping and personal banking is conducted online, consumers could face identity and financial theft.

What to expect in 2022?

The new year ushers in a new wave of imminent concerns. In 2022, we expect to see an increased use of deepfake technology to influence political opinion. We also expect business email compromise (BEC) attacks to become more common. To make matters worse, we also foresee another record-breaking year of vulnerability discovery which is further complicated by bidding wars between bug bounty programs, governments and organized cybercrime. Most bug bounties pay six figures or less, and for a government or a well-funded cybercrime organization, paying millions is not out of reach. Ultimately, this means more critical vulnerabilities will impact individuals and businesses. The early days of 2022 will also be compounded by the discovery of Log4j bugs hidden within Java code.

“The critical vulnerability identified within Log4Shell is a great example of how attackers can remotely inject malware into vulnerable systems. This active exploitation is happening as we speak,” says Milbourne.

The key to preparing for the plethora of attacks we will likely witness in 2022 is to establish cyber resilience.

Whether you’re looking to protect your family, business or customers, Carbonite + Webroot offer the solutions you need to establish a multi-layer approach to combating these threats. By adopting a cyber resilience posture, individuals, businesses small and large can mitigate risks in the ever-changing cyber threat landscape.

Experience our award-winning protection for yourself.

To learn more about Carbonite and begin your free trial, please click here.

To discover Webroot’s solutions for yourself, begin a free trial here.

Season’s cheatings: Online scams against the elderly to watch out for

Each year, as online shopping ramps up in the weeks before the holidays, so do online scams targeting the elderly. This season – in many ways unprecedented – is no different in this regard. In fact, COVID-19, Zoom meetings, vaccination recommendations and travel warnings all provide ample and unique precedent for social engineering attacks.

Not surprisingly, cybercriminals often target those least able to protect themselves. This could be those without antivirus protection, young internet users or, unfortunately, your elderly loved ones. The FBI reported nearly $1 billion in scams targeting the elderly in 2020, with the average victim losing nearly $10,000.

This holiday season, it may be worth talking to elderly relatives about the fact that they can be targeted online. Whether they’re seasoned, vigilant technology users or still learning the ropes of things like text messaging, chat forums, email and online shopping, it won’t hurt to build an understanding of some of the most common elder fraud scams on the internet.

The most common types of online elder fraud

According to the FBI, these are some of the most common online scams targeting the elderly. While a handful of common scams against older citizens are conducted in person, the majority are enabled or made more convincing by the use of technology.

  • Romance scams: Criminals pose as interested romantic partners on social media or dating websites to capitalize on their elderly victims’ desire to find companions.
  • Tech support scams: Criminals pose as technology support representatives and offer to fix non-existent computer issues. The scammers gain remote access to victims’ devices and sensitive information.
  • Grandparent scams: Criminals pose as a relative—usually a child or grandchild—claiming to be in immediate financial need.
  • Government impersonation scams: Criminals pose as government employees and threaten to arrest or prosecute victims unless they agree to provide funds or other payments.
  • Sweepstakes/charity/lottery scams: Criminals claim to work for legitimate charitable organizations to gain victims’ trust. Or they claim their targets have won a foreign lottery or sweepstake, which they can collect for a “fee.”

All of the above are examples of “confidence scams,” or ruses in which a cybercriminal assumes a fake identity to win the trust of their would-be victims. Since they form the basis of phishing attacks, confidence scams are very familiar to those working in the cybersecurity industry.

While romance scams are a mainstay among fraud attempts against the elderly, more timely methods are popular today. AARP lists Zoom phishing emails and COVID-19 vaccination card scams as ones to watch out for now. Phony online shopping websites surge this time of year, and are becoming increasingly believable, according to the group.

Tips for preventing online elder scams

Given that the bulk of elder scams occur online, it’s no surprise that several of the FBI’s top tips for preventing them involve some measure of cyber awareness.

Here are the FBI’s top tips:

  • Recognize scam attempts and end all communication with the perpetrator.
  • Search online for the contact information (name, email, phone number, addresses) and the proposed offer. Other people have likely posted information online about individuals and businesses trying to run scams.
  • Resist the pressure to act quickly. Scammers create a sense of urgency to produce fear and lure victims into immediate action. Call the police immediately if you feel there is a danger to yourself or a loved one.
  • Never give or send any personally identifiable information, money, jewelry, gift cards, checks, or wire information to unverified people or businesses.
  • Make sure all computer anti-virus and security software and malware protections are up to date. Use reputable anti-virus software and firewalls.
  • Disconnect from the internet and shut down your device if you see a pop-up message or locked screen. Pop-ups are regularly used by perpetrators to spread malicious software. Enable pop-up blockers to avoid accidentally clicking on a pop-up.
  • Be careful what you download. Never open an email attachment from someone you don’t know and be wary of email attachments forwarded to you.
  • Take precautions to protect your identity if a criminal gains access to your device or account. Immediately contact your financial institutions to place protections on your accounts. Monitor your accounts and personal information for suspicious activity.

Pressure to act quickly is a hallmark of social engineering scams. It should set off alarm bells and it’s important to let older friends or family members know that. Using the internet as a tool to protect yourself, as recommended by the second bullet, is also a smart play. But more than anything, don’t overlook the importance of helping senior loved ones install an antivirus solution on their home computers. These can limit the damage of any successful scam in important ways.

Don’t wait until it’s too late. Protect the seniors in your life from online scams this holiday season. You might just save them significant money and hassle.

We have just the tool to do it, too. Discover our low-maintenance, no-hassle antivirus solutions here.

MSP to MSSP: Mature your security stack

Managed service providers (MSPs) deliver critical operational support for businesses around the world. As third-party providers of remote management, MSPs are typically contracted by small and medium-sized businesses (SMBs), government agencies and non-profit organizations to perform daily maintenance of information technology (IT) systems.

Similar to an MSP, managed security service providers (MSSPs) offer comparable organizations security management of their IT infrastructure, but are also enlisted to detect, prevent and respond to threats. An MSSP’s security expertise allows organizations that may not have the resources or talent to securely manage their systems and respond to an ever-evolving threat landscape.

Dark forces are increasing

The rise of ransomware, malware and other malicious vectors has transformed the threat landscape. According to our Hidden Costs of Ransomware report, 46% of businesses said their clients were impacted by an attack. A single cyber attack could trigger as much as $80 billion in economic losses across numerous SMBs, not to mention the ongoing supply chain attacks that stand to cripple an MSP’s business. With all this in mind, many MSPs have considered evolving into an MSSP provider, but at what cost?

Competitive advantage and financial gain

Some of the driving forces fueling MSPs towards this security-infused business model are revenue generation and market share. With the global managed security services market expected to balloon to over 65 billion USD within the next five years, becoming an MSSP has many tangible benefits. MSPs have the chance to extend their current offerings, fueling additional benefits for customers and potential growth to their customer base at the SMB and mid-enterprise level.

How to get there

To be considered an MSSP, an MSP needs to secure high availability security operations centers (SOCs) to enable 24/7/365 always-on security for their customers’ IT devices, systems and infrastructure. SOCs are comprised of highly skilled professionals. These professionals are trained to detect and mitigate threats that could negatively impact a customer’s data centers, servers or endpoints.

MSPs can take three approaches towards establishing MSSP offerings:

  • Build. MSPs considering this route will need to evaluate the cost and time associated with establishing its MSSP operations from the ground up. This requires a lot of money, time and resources to hire and train security personnel. These trained individuals must be capable of constant monitoring and regular calibration to ensure their customer’s systems are protected.

Only a handful of MSPs in the industry have been able to transition themselves into MSSPs. The lack of bandwidth and resources needed to address compliance issues keep many MSPs at bay. The transition is incredibly resource-intensive,” says George Anderson, product marketing director at Carbonite + Webroot, OpenText companies.

  • Buy. Opting to purchase an existing MSSP provider can enable an MSP to leverage current customers, processes and talent to service its existing customer base with the added benefit of providing data and network security. Purchasing an existing provider also allows MSSPs to extend their security offerings to a newly acquired set of customers. However, with little regulation, MSPs must do their due diligence to ensure they are purchasing a well-equipped provider.
  • Partner. One of the most efficient options for an MSP to pursue is partnering with an existing well-established MSSP. This allows an MSP to capitalize on the existing partner’s security expertise without having to develop the initial financial resources or technical expertise to support the creation and maintenance of its SOCs.

“MSPs contemplating the move to an MSSP business model should consider the value of a partnering strategy with a well-known security provider. By partnering with an existing MSSP, an MSP will be able to securely protect its customer IT infrastructure and provide timely responses after hours to ensure efficient detection and response,” says Shane Cooper, manager, channel sales at Carbonite + Webroot.

Transition to MSSP: risk or reward?

Transitioning from MSP to MSSP brings with it a series of quantifiable benefits. However, MSPs need to consider the size and scalability of service offerings they can provide, not to mention the costs associated with initially building their services or acquiring them from another provider. Partnering with a seasoned security provider allows MSPs to maintain their customer base while tapping into the resources and talent of a skilled and experienced provider.

“Many customers may be unaware of the quality of their SOC provider. MSPs transitioning into an MSSP may lack the proper resources and talent to respond to threats. It pays to optimize your investment with a security stack that brings the robust service and security elements together,” says Bill Steen, director, marketing at Carbonite + Webroot.

Webroot offers an MDR solution powered by Blackpoint Cyber, a leading expert in the industry. Webroot’s turnkey MDR solution has been developed by world-class security experts and is designed to enable 24/7/365 threat hunting, monitoring and remediation.

Optimize and mature your security stack with a provider you can trust. Secure your stack with Webroot.

To learn more about why partnering with Webroot can help your business and support your customers, please visit https://www.webroot.com/ca/en/business/partners/msp-partner-program

‘Tis the season for protecting your devices with Webroot antivirus

As the holiday season draws near, shoppers are eagerly searching for gifts online. Unfortunately, this time of year brings as much cybercrime as it does holiday cheer. Especially during the holidays, cybercriminals are eager to exploit and compromise your personal data. Even businesses large and small are not immune to the dark forces at work. Whether you purchase a new device or receive one as a gift, now is the time to consider the importance of protecting it with an antivirus program.

What is antivirus?

Antivirus is a software program that is specifically designed to search, prevent, detect and remove software viruses before they have a chance to wreak havoc on your devices. Antivirus programs accomplish this by conducting behavior-based detection, scans, virus quarantine and removal. Antivirus programs can also protect against other malicious software like trojans, worms, adware and more.

Do I really need antivirus?

In a word, yes. According to our 2021 Webroot BrightCloud Threat Report, on average, 18.8% of consumer PCs in Africa, Asia, the Middle East and South America were infected during 2020.

Antivirus software offers threat protection by securing all of your music files, photo galleries and important documents from being destroyed by malicious programs. Antivirus enables users to be forewarned about dangerous sites in advance. Antivirus programs also scan the Dark Web to determine if your information has been compromised. Comprehensive antivirus protection will also provide password protection for your online accounts through secure encryption.

Benefits of antivirus

By investing in antivirus protection, you’ll be able to maintain control of your online experience and best of all, your peace of mind.

Webroot offers three levels of antivirus protection. Our Basic Protection protects one device. You can rest easy knowing that your device, whether it’s a PC or Mac, will be protected. With lightning-fast scans, this line of defense offers always-on protection to safeguard your identity. Our real-time anti-phishing also blocks bad sites.

Looking to protect more than one device? We’ve got you covered. Our Internet Security Plus with AntiVirus offers all of the same great features as our basic protection but with the added bonus of safeguarding three devices. You’ll also have the ability to secure your smartphones, online passwords and enable custom-built protection if you own a Chromebook. 

For the ultimate all-in-one defense, we offer Internet Security Complete with AntiVirus, which protects five devices. Enjoy all the same features as our Basic and Internet Security Plus with AntiVirus but take advantage of 25G of secure online storage and the ability to eliminate traces of online activity.

Keep the holidays merry and bright

Safeguard all of your new and old devices with Webroot. Bad actors will always be hard at work trying to steal your personal information. Protect yourself and your loved ones by investing in antivirus protection.

Webroot offers complete protection from viruses and identity theft without slowing you down while you browse or shop online.

Experience our award-winning security for yourself.

To learn more about how Webroot can protect you, please visit https://www.webroot.com/us/en

Making the case for MDR: An ally in an unfriendly landscape

Vulnerability reigns supreme

On Oct. 26, we co-hosted a live virtual event, Blackpoint ReCON, with partner Blackpoint Cyber. The event brought together industry experts and IT professionals to discuss how security professionals can continue to navigate the modern threat landscape through a pragmatic MDR approach. During the event, we learned how the increase in ransomware attacks underscores the value of a robust defense and recovery strategy.  

A recent string of notable attacks including Microsoft Exchange, Kaseya, JBS USA, SolarWinds and the Colonial Pipeline, have clearly demonstrated that businesses and critical infrastructure are under assault. The spike in sophistication and speed of attacks has even caught the attention of the White House. It issued an Executive Order in May 2021, calling on the private sector to address the continuously shifting threat landscape.

For small to medium-sized businesses (SMBs) and managed service providers (MSPs), addressing these threats is made more difficult by resource-strapped teams at mid-sized organizations and budgetary constraints at small businesses.

Addressing ongoing SMB and MSP challenges

SMBs, unlike enterprise-level organizations, often suffer from a lack of adequate resources to effectively manage, detect and respond to ongoing security threats before they become full-blown attacks with dire consequences for continuity and productivity.

“Small businesses remain a prime target for threat actors. With minimal margins and few resources, one cyberattack could put a SMB out of business in a matter of days,” says Tyler Moffitt, senior security analyst at Carbonite + Webroot, OpenText companies.

For MSPs, their mid-market customers may not be at the scale or size of an enterprise to respond effectively to cyber threats. They may require additional resources to help boost defense infrastructure among customers. This leaves SMBs and MSP clients more vulnerable to attacks with the potential to cripple their business operations.

SMBs and MSPs don’t have to approach the evolving threat landscape alone. Managed detection and response (MDR) offers a reliable defense and response approach to cyber threats.

What is MDR?

Managed detection and response is a proactive managed cyber security approach to managing threats and malicious activity that empowers organizations to become more cyber resilient.

Carbonite + Webroot, OpenText companies, offers two new MDR options for customers looking for a threat detection and response system that meets their specific needs:

  • Webroot MDR powered by Blackpoint is a turnkey solution developed by world-class security experts to provide 24/7/365 threat hunting, monitoring and remediation. Guided by a board of former national security leaders and an experienced MDR team, Webroot MDR constantly monitors, hunts and responds to threats.
  • OpenText MDR is designed for SMBs with specific implementation and integration requirements determined by their business and IT environments. Backed by AI-powered threat detection, award-winning threat intelligence and a 99% detection rate, this MDR solution gives your business the ability to remain agile.

Having a MDR solution can:

  • Reduce the impact of successful attacks
  • Minimize business operations and continuity
  • Boost the ability to become cyber resilient
  • Achieve compliance with global regulations
  • Bolster customer confidence

In our 2020 Webroot Threat Report, we found that phishing URLs increased by 640% last year. Similar attacks, business email comprise (BEC) for instance, are a major scam malicious actors use to lure unsuspecting end users. BEC attacks have cost organizations almost 1.8 billion in losses, according to FBI reports. MDR helps to reduce costs and secure an organization’s overall security program investment.

In today’s ever-evolving threat landscape, no business can go without a proactive security program. As threat actors become increasingly more complex, their impact to SMBs and MSP customers becomes more severe. To prepare, manage and recover from threats, SMBs and MSPs should consider joining forces with a trusted partner to help boost their customer’s overall protection and remain prepared to tackle whatever threats may impact business continuity.

To learn more about how Webroot can empower your business and get your own MDR conversation started, get in touch with us here.

Shining a light on the dark web

Discover how cybercriminals find their targets on the dark web:

For the average internet user, the dark web is something you only hear about in news broadcasts talking about the latest cyberattacks. But while you won’t find yourself in the dark web by accident, it’s important to know what it is and how you can protect yourself from it. Afterall, the dark web is where most cybercrimes get their start.

The dark web explained

In short, the dark web is a sort of online club where only the members know the ever-changing location.

Once a criminal learns the location, they anonymously gain access to sell stolen information and buy illicit items like illegally obtained credit cards.

Innovations in the dark web

The dark web isn’t just a marketplace, though. It’s also a gathering area where criminals can recruit each other to help with their next attack.

In fact, the rising rates of malware and computer viruses can partially be explained by cyber criminals coming together to pool their talent. They’ve created a new model for cybercrime where criminal specialists sell their talents to the highest bidder. Criminals might even loan out new technology with the promise that they get a portion of any stolen funds.

Protecting yourself and your family

The first step in protecting yourself from criminals in the dark web is to have a plan. The right cybersecurity tools will keep your important financial documents and your most precious memories safe from attack – or even accidental deletion.

And while cybercriminals are developing new methods and tools, cybersecurity professionals are innovating as well. Strategies for cyber resilience combine the best antivirus protection with state-of-the-art cloud backup services, so you’re protected while also prepared for the worst.

Ready to take the first step in protecting you and your family from the dark web?

Explore Webroot plans.