by Steven Jurczak | Oct 21, 2020 | Home + Mobile
October 21 is Wonder Woman Day. It commemorates Wonder
Woman’s first appearance in All Star Comics
#8. With the upcoming release of Wonder Woman 1984, we took the
opportunity to talk superheroes, superpowers and protecting data with our very
own Briana Butler, Engineering Services Manager at Webroot.
Q: Wonder Woman got her powers from her divine mother, Queen Hippolyta. How did you get your data protection superpowers?
I had a reboot in life. I was previously a retail buyer then
I went back to school for computer science and ended up switching to the business
school. I was hired at Webroot to be a bridge between engineering and business
– you have to have people that can speak both languages – and that’s exactly
what I wanted to do and what I was trying to forge with my new career.
I first began as a data analyst, which meant working on privacy
compliance, GDPR, CCPA, and data mapping, understanding where data is stored and
processed, and who has access to it. My latest role is as an Engineering Services
Manager, meaning I help engineering and product with personnel and hiring needs,
ISO certification and making sure our development teams receive the training
they need to stay up to date with the fast pace of tech.
Q: Wonder Woman had several superpowers, or super powerful gadgets, like indestructible bracelets and a lasso that forced people to tell the truth. Is cyber resilience a superpower?
Every superhero has different talents or powers. When we
think of cyber resilience, it’s sort of like our own personal toolbox of powers
that we can use against malicious actors who want to take our data and make
money off it.
Our toolbox of cyber resilience includes basic best
practices like knowing how to create a strong password, not clicking every link
that comes into your email inbox and daily behaviors of how to navigate and
defend yourself online. The goal is to live your best digital life confidently, without
disruption.
Q: What about our data? Does that give us any powers that we wouldn’t have without it?
I think it’s more about understanding the power data has if
we give it away. When we give people access to our data, that’s when it becomes
powerful. Whether it’s corporations or malicious actors, when we willingly hand
out our data, that gives it power because then, they know things about us. I
talk a lot about privacy and why everyone should be more critical and cognizant
of the data they’re sharing. We share a lot more than we realize. It’s time for
all of us to understand what we’re sharing and then decide if we, personally,
really want to share it.
Q: Wonder Woman encountered her fair share of comic strip villains, like the Duke of Deception, Doctor Psycho and Cheetah. Who are the villains in the digital world?
They’re the malicious actors and cybercriminals who would take
your data and sell it on the open market. It could even be the person trying to
get access to your Hulu account. There are also nation-state actors and the
companies you buy things from. There’s a huge spectrum of villains, and they
all want your data. There’s big money in data. So, it’s important that you’re
aware of what’s being shared.
I’ve started reading privacy policies – those long,
convoluted legal documents – to see if I can understand where I’m going to be sharing
my information and make a more conscious decision.
For one large social platform, when I went through it, I started
asking myself, am I really okay sharing this information? Do I really need this
service or platform? Is it necessary in exchange for what I’m about to share
with them? In the end, I didn’t sign up for it.
I’ve also gone through the frustrating and somewhat time-consuming
act of cleaning up all my passwords and using a password manager. Most people
say they have anywhere from 15 to 20 password-protected accounts. But when I
went through all the places I’ve shared my password, it was upwards of 100!
One of my favorite topics is password strength. We recently
did an analysis of password configurations with Maurice Schmidtler, our head
data scientist, who created a Monte Carlo simulation.
We took what you usually see when you’re told to create a password – like using
uppercase and lowercase letters or special symbols – and applied those within
the simulation. What we found was that the more constraints you put on a password,
the fewer viable options you have for a strong password, meaning it decreases the
number of good password options. Whereas if you focus on creating a strong
password, where length is more important than the various character-type
constraints, you’ll end up with a much stronger password. Length is strength
because it takes more computing power to break.
Q: Wonder Woman was a founding member of the Justice League. So, even she needed the help of a squad to defeat the villains. Do we need help from a squad to be more cyber resilient?
We all need assistance because as humans, we are fallible. Inevitably,
someone might click on a malicious link, or some unforeseen event might happen where
you need a backup
that’s going to allow you to recover data instead of losing it permanently.
When it comes to ransomware, or really any other attack, you
need awareness. That’s why we encourage proactive education and regular security
awareness training, so people truly understand the threat landscape and how
to identify the most prevalent types of attacks.
Q: At one point in the story, Wonder Woman surrendered her superpowers and used fighting skills instead. In what ways do we surrender our powers when it comes to cyber resilience?
Oversharing content or data about yourself, your name or address
are surefire ways to surrender power in the digital age. All these things
identify you and allow criminals to gain insight that can be used against you
through social engineering.
You’re also surrendering power when you practice poor cyber
hygiene, like repeating passwords across multiple logins. Once a cybercriminal
gains access to one login, they can discover more details about you and use it
elsewhere. For example, you may not be worried about a criminal getting access
to your Netflix account, but if you use the same password there as you do with
your bank, then the situation just became much more serious.
You also surrender power by not protecting your home network
and not using VPN when you’re on public Wi-Fi. People often think “it won’t
happen to me,” until it’s too late. And recovery can be costly and time-consuming.
That’s why implementing layers of protection up front strengthens cyber
resilience and helps keep your digital life easy, secure and free of complications.
Q: Are you going to watch the new Wonder Woman movie?
Oh sure! I will because I’ve seen all the other ones. I’m a
big fan of Guardians of the Galaxy. And, of course, I love Iron Man. And I was
a big fan of Black Panther, too. Doctor Strange is also one of my faves.
Q: If cybercriminals were villains from Wonder Woman, who would they be?
The Duke of Deception! Hackers, cybercriminals and nation-state
actors are constant antagonists, and that’s exactly who we defend our users against.
by Kyle Fiehler | Oct 19, 2020 | Business + Partners, Managed Service Providers
Fine-tuning privacy for any preference
A DNS filtering service that accommodates DNS over HTTPS (DoH) can strengthen an organization’s ability to control network traffic and turn away threats. DoH can offer businesses far greater control and flexibility over their privacy than the old system.
The most visible use of DNS is typically the browser, which
is why all the usual suspects are leading the charge in terms of DoH adoption. This
movement has considerable steam behind it and has extended beyond just
applications as Microsoft,
Apple
and Google
have all announced their intent to support DoH.
Encrypting DNS requests is an
indisputable win for privacy-minded consumers looking to prevent their ISPs
from snooping on and monetizing their browsing habits. Businesses, on the other
hand, should not easily surrender this visibility since managing these requests
adds value, helping to keep users from navigating to sites known to host
malware and other threats.
Here are three examples of how.
1. By enhancing DNS logging control
Businesses have varying motivations for tracking online
behavior. For persistently troublesome users—those who continuously navigate to
risky sites—it’s beneficial to exert some control over their network use or
even provide some training on what it takes to stay safe online. It can also be
useful in times of problematic productivity dips by helping to tell if users
are spending inordinate amounts of time on social media, say.
On the other hand, for CEOs and other strategic business
units, tracking online activity can be cause for privacy concerns. Too much
detail into the network traffic of a unit tasked with investigating mergers and
acquisitions may be unwanted, for example.
“If I’m the CEO of a company, I don’t want people paying attention
to where I go on the internet,” says Webroot DNS expert Jonathan Barnett. “I
don’t want people to know of potential deals I’m investigating before they
become public.”
Logging too much user information can also be problematic
from a data privacy perspective. Collecting or storing this information in
areas with stricter laws, as in the European Union, can unnecessarily burden
organizations with red tape.
“Essentially it exposes businesses to requirements
concerning how they’re going to use that data, who has access to it and how
long that data is preserved” says Barnett.
By optionally never logging user information and backing off
DNS logging except when a request is deemed a security threat, companies
maintain both privacy and security.
2. By allowing devices to echo locally
With DoH, visibility of DNS requests is challenging. The
cumulative DNS requests made on a network help to enhance its security as tools
such as SIEMs and firewalls leverage these requests by controlling access as
well as corelating the requests with other logs and occurrences on the
network.
“Let’s say I’m on my network at the office and I make a DNS
request,” explains Barnett. “I may want my DNS request to be seen by
the network as well as fielded by my DNS filtering service. The network gets
value out of DNS. If I see inappropriate DNS requests I can go and address the
user or fix the device.”
Continuing to expose these DNS requests through an echo to
the local network provides this, while the actual requests are secure and
encrypted by the DNS protection agent using DoH. This option achieves the best
of both worlds by adding the security of DoH to the security of the local
network.
3. By allowing agents to fail open
DNS is instrumental to the functionality of the internet. So,
the question is, what do we do when a filtered answer is not available? By
failing over to the local network, it’s assured that the internet continues to
function. However, there are times when filtering and privacy are more
important than connectivity. Being able to choose if DNS requests can leak out
to the local network helps you stay in control by choosing which is a priority.
“Fail open
functionality essentially allows admins to make a tradeoff between the
protection offered by DNS filtering and the productivity hit that inevitably
accompanies a lack of internet access,” says Barnett.
Privacy your way
The encryption of DoH enables options for fine-tuning
privacy preferences while preserving the security benefits of DNS filtering. Those
that must comply with the needs of privacy-centric users now have control over
what is revealed and what is logged, while maintaining the benefits of
communicating using DoH.
Click here
to read related blogs covering the transition to DNS over HTTPS.
by Connor Madsen | Oct 16, 2020 | Industry Intel
Backdoor Found in Children’s Smartwatch
Researchers have discovered that the X4, made by Norwegian
smartwatch seller Xplora,
contains a backdoor that could allow for information to be stolen. The X4 watch
is designed specifically for children with a limited number of capabilities, mostly
for children’s security. The backdoor, however, could allow attackers to take
snapshots, view messages, call records, and access geolocational data from the
wearer. The watches are designed and built in China and it remains unclear who
has access to data created and stored on the devices.
Ransomware Strikes London Borough
The London borough of Hackney
recently fell victim to a ransomware attack, taking several of the council’s
primary services offline. While still little is known about the attack, it’s likely
that encrypted files were also stolen for auctioning to the highest bidder.
Council officials are working with law enforcement to determine the initial
attack vector and information that may have been targeted.
Carnival Reveals Updates to Recent Cyberattack
Nearly two months after a ransomware attack compromised a third-party
vendor for the Carnival
Corporation, the company announced sensitive passenger information has indeed
been exposed. An undetermined number of customers and employees may be affected
across three Carnival cruise lines. With 150,000 employees worldwide, and
upwards of 13 million customers, this data breach could be affect millions of
individuals.
Ransomware Takes Aim at International Law Firm
International law firm Seyfarth
Shaw has confirmed a ransomware attack targeted their systems over the
weekend. While the extent of the attack remains unclear, several systems were
forced offline after encryption was executed to stop additional spreading. Firm
officials stated that no client information was stolen or illicitly accessed,
but they are still operating without email or a live website. Some systems were
saved from the attack but officials have yet to confirm if customers were
affected by the breach.
Software AG Suffers Major Data Breach
German IoT specialist Software
AG suffered a ransomware attack that was able to exfiltrate significant
amounts of data. Officials have confirmed that, while they have been able to
maintain online services throughout the attack, the malicious downloading of an
unknown amount of sensitive data did take place. The attacking group has not
yet been identified, but other attacks of similar scale have cost companies
anywhere from $20 to $70 million in ransoms for the return of their data.
by Connor Madsen | Oct 9, 2020 | Industry Intel
New Jersey Hospital Pays Massive Ransom
Officials have decided to pay roughly $670,000 in ransom
following a ransomware attack on the University
Hospital in New Jersey. The hospital was likely forced into this decision after
being unable to restore from backups the 240GB of data stolen in the attack on
their systems. It’s not entirely clear what information was stolen, but given the
haste of payment it was likely highly sensitive patient data.
COVID-Related Cyberattacks Target Canadian Companies
A recent survey revealed that over 25% of all Canadian
business organizations had been targeted by a COVID-19-themed
cyberattack since the beginning of the year. Most of the organizations surveyed
also reported seeing a significant rise in overall cyberattacks since the pandemic
began. Worrisome findings also revealed that 38% of organizations surveyed were
unsure if they had fallen victim to any type of cyberattack, which could mean
the amount of customer information for sale on black markets could be
significantly higher.
Boom! Mobile Website Compromised
Customer data has been compromised for users of the Boom!
Mobile website, which was infiltrated by malicious JavaScript. It’s still
unclear how the unauthorized code got onto the site or how long was active.
Officials for the mobile company have confirmed they do not store payment card
data and that no Boom! Mobile accounts were compromised.
Major Ransomware Attacks Increase Through Q3
Researchers have reported a massive increase in ransomware
attacks in Q3 of 2020, with the Maze group being responsible for 12% of all
attacks. They also reported that Ryuk ransomware variants were responsible for
an average of 20 attacks per week. With the ongoing neglect of cybersecurity in
major corporations, ransomware attacks will likely continue as long as their
authors find them profitable.
Chicago Food Delivery Service Stricken with Data Breach
Nearly 800,000 customer records were compromised following a
data breach at ChowBus,
a Chicago-based food delivery service. With roughly 440,000 unique email
addresses exposed, many individuals are now more susceptible to additional phishing
attacks or identity theft. Fortunately, however, ChowBus does not store payment
card information on its site.
by Kyle Fiehler | Oct 6, 2020 | Business + Partners, SMBs
Like many of the technologies we discuss on this blog—think
phishing scams or chatbots—deepfakes aren’t necessarily new. They’re just
getting a whole lot
better. And that has scary implications for both private citizens and
businesses alike.
The term “deepfakes,” coined
by a Reddit user in 2017, was initially most often associated with
pornography. A once highly trafficked and now banned subreddit was largely
responsible for developing deepfakes into easily created and highly believable
adult videos.
“This is no longer rocket science,” an AI researcher told
Vice’s Motherboard in an early story on the problem of AI-assisted deepfakes
being used to splice celebrities into pornographic videos.
The increasing ease with which deepfakes can be created also
troubles Kelvin Murray, a senior threat researcher at Webroot.
“The advancements in getting machines to recognize and mimic
faces, voices, accents, speech patterns and even music are accelerating at an
alarming rate,” he says. “Deepfakes started out as a subreddit, but now there
are tools that allow you to manipulate faces available right there on your
smartphone.”
While creating deepfakes used to require good hardware and a
sophisticated skillset, app stores are now overflowing
with options creating them. In terms of technology, they’re simply a specific
application of machine learning technology, says Murray.
“The basics of any AI system is that if you throw enough
information at it, itcan pick it up. It can mimic it. So, if you give it enough
video, it can mimic a person’s face. If you give it enough recordings of a
person, it can mimic that person’s voice.”
There are several ways deepfakes threaten to redefine the
way we live and conduct business online.
Deepfakes as a threat to privacy
A stolen credit card can be cancelled. A stolen identity,
especially when it’s a mimicked personal attribute, is much more difficult to
recover. The hack of a firm dedicated to developing facial recognition
technology, for instance, could be a devastating source of deepfakes.
“So many apps, sites and platforms host so many videos and
recordings today. What happens when they get hacked? Will the breach of a
social media platform allow a hacker to impersonate you,” asks Murray.
Businesses must be especially careful about the data they
collect from customers or users, asking both if it’s necessary to collect and if
it can be stored safely afterwards. If personal data must be collected,
security must be a top priority, and not only for ethical reasons. Governments
are starting to enact some strict regulations and doling out some stiff fines
for data breaches.
Ultimately, Murray thinks those governments may need to
weigh in more heavily on the threat of deepfakes as they become even more
indistinguishable from reality.
“We’re not going to stop this technology. It’s here. But
people need to have the discussion about where we’re heading. In the same way GDPR
was created to protect people’s data, we’re going to need to have a similar
conversation about deepfakes leading to a different kind of identity theft.”
Deepfakes as a cybersecurity threat to businesses
It’s important to note the ways in which deepfakes can be
used to target businesses, not just to spoof individuals.
“These business-related instances aren’t too common yet,”
says Murray. “But we’re at the beginning of a wave right now in terms of
AI-enabled threats against businesses.
A late
2019 attack against a U.K. energy firm could be a sign of scary things to
come. Rather than video, this attack took advantage of voice-spoofing
technology to pose as an executive’s manager, insisting he wire nearly $250
thousand to a “supplier” immediately. In the aftermath of the scam, the victim
reported being convinced by both the accent and the rhythm of the fake speech
pattern.
To safeguard against what could be a rising attack method,
Murray recommends businesses understand what deepfakes are capable of and
follow best practices for avoiding fraud, no matter the technology.
“Have well-defined protocol for changing account details and
signing off on any invoices,” he advises “Train financial and accounting teams
especially rigorously on these protocols and encourage them to pick up the
phone and double-check when anything seems strange or off. In these days of
increased working from home it’s also tougher for financial staff to walk up to
other finance or sales colleagues and make informal double checks.”
Deepfakes and misinformation campaigns
Soon after deepfakes went mainstream, implications for
politics and the weaponization of misinformation became clear, prompting the
U.S. Senate to address the issue in
2018.
While initially used to humiliate or extort people, mostly
women, malicious actors began to see them as a way to sway public opinion or
sow chaos. Deeptrace,
a company dedicated to uncovering deepfakes, has noted instances where
manipulated video was used to promote social discord and scandal across the
globe.
“Deepfakes further undermine our ability to believe what we
read, and now even watch, on the internet,” says Murray. This leads to
widespread distrust, especially on issues where understanding is crucial, like
the coronavirus pandemic, where misinformation is bountiful.
To combat misinformation, Murray advises to keep in mind how
much of it is out there. Always consider the source of the information you’ve
received before acting on it, especially if it makes you angry or elicits some
other strong emotional response.
Deepfakes will likely make the internet even more difficult
to rely on as a source of information in the years to come. But reducing their
impact starts with understanding how far they’ve come and what they’re capable
of.
by Connor Madsen | Oct 2, 2020 | Industry Intel
Ryuk Shuts Down Universal Health Services
Computer systems for all 400 Universal
Health Services facilities around the globe have reportedly been shut down
following an attack by the Ryuk ransomware group. Ryuk is known for targeting
large organizations, but the healthcare industry has been gaining popularity
among these groups due to high volumes of sensitive information and typically
low levels of security. It’s unknown if the healthcare firm has paid ransoms
for the encrypted data or if they are restoring systems from available backups.
Global Insurance Firm Targeted by Ransomware
The Fortune 500 insurance firm AJG
was forced to take several computer systems offline over the weekend after
identifying a cyber-attack. It’s still unclear which ransomware variant was
responsible for the attack and officials with the firm haven’t revealed if customer
or employee information was stolen. Third-party researchers confirmed multiple AJG
servers, unpatched for a serious vulnerability, could have been the entry point
for the attack.
French Shipping Company Knocked Offline by Ransomware
All computer systems and websites belonging to CMA
CGM, a French shipping giant, were knocked offline by a crippling ransomware
attack. This attack on CMA CGM makes them the fourth international shipping
company to fall victim to a cyberattack, which have proven profitable, in as
many years. The company has verified that the Ragnar Locker ransomware group
was behind the attack, though they have not revealed the ransom asked.
Cyber Attack Forces Swatch to Disconnect Online Services
Though not confirmed by Swatch,
the Swiss watchmaker was reportedly forced to take many of their systems
offline after likely falling victim to a ransomware attack. While the company
did not verify the type of attack, ransomware’s prevalence this year makes it a
likely culprit. Swatch has announced they plan to seek legal action against the
attackers.
DDoS Attacks See Substantial Rise in 2020
There were over 4.8 million DDoS
attacks during the first half of 2020, a 15% rise over the same period last
year. May alone saw more than 900,000 DDoS attacks, a record for most in a
single month. Ninety percent of these attacks lasted for under an hour, marking
another shift from previous years’ attacks. They have also increased in
complexity, leaving victims and researchers with little time to defend
themselves.
by Justine Kurtz | Oct 1, 2020 | Business + Partners, SMBs, Threat Lab
Have you ever met a person who
thinks they know it all? Or maybe you’ve occasionally been that person in your
own life? No shame and no shade intended – it’s great (and important) to be
confident about your skills. And in cases where you know your stuff, we
encourage you to keep using your knowledge to help enhance the lives and
experiences of the people around you.
But there’s a big difference between being reasonably confident and having false confidence, as we saw in our recent global survey. Featured in the report COVID-19 Clicks: How Phishing Capitalized on a Global Crisis, the survey data shows that, all over the world, people are pretty confident about their ability to keep themselves and their data safe online. Unfortunately, people are also still getting phished and social engineering tactics aimed at employees are still a major way that cybercriminals successfully breach businesses. These data points strongly suggest that we aren’t all being quite as cyber-safe as we think.
Overconfidence by the Numbers
Approximately
3 in 5 people (59%) worldwide think they know enough to stay safe online.
You may think 59% doesn’t sound
high enough to earn the label of “false confidence”. But there were two
outliers in our survey who dragged the average down significantly (France and
Japan, with only 44% and 26% confidence, respectively). If you only take the
average of the five other countries surveyed (the US, UK, Australia/New
Zealand, Germany and Italy), it’s a full ten percentage points higher at 69%. UK
respondents had the highest level of confidence out of all seven regions
surveyed with 75%.
8 in 10 people say they take steps to determine if an
email message is malicious.
Yet 3 in 4 open emails and click links from unknown
senders.
When so many of us claim to know what to do to stay safe online (and even say we take steps to determine the potential sketchiness of our emails), why are we still getting phished? We asked Dr. Prashanth Rajivan, assistant professor at the University of Washington and expert in human behavior and technology, for his take on the matter. He had two important points to make.
Individualism
According to Dr. Rajivan, it’s important to note that
Japan had the lowest level of confidence about their cybersecurity know-how
(only 26%), but the survey showed they also had the lowest rate of falling
victim to phishing (16%). He pointed out that countries with more individualistic
cultures seem to align with countries who ranked themselves highly on their
ability to keep themselves and their data safe.
“When people adopt a less individualistic mindset and, instead, perceive themselves to have a greater responsibility to others, their average level of willingness to take risks decreases. This is especially important to note for businesses that want to have a cyber-aware culture.”
– Prashanth Rajivan, Ph.D.
The Dunning-Kruger Effect
Another factor Dr. Rajivan says may contribute to overconfidence in one’s ability to spot phishing attacks might be a psychological phenomenon called the “Dunning-Kruger Effect”. The Dunning-Kruger Effect refers to a cognitive bias in which people who are less skilled at a given task tend to be overconfident in their ability, i.e. we tend to overestimate our capabilities in areas where we are actually less capable.
How These Numbers Affect Businesses
Only 14% of workers feel that a company’s cyber
resilience is a responsibility all employees share.
The
correlations between overconfidence and individualism may also translate into a
mentality that workers are not responsible for their own cybersecurity during
work hours. While 63% of workers surveyed agree that a cyber resilience
strategy that includes both security tools and employee education should be a
top priority for any business, only 14% felt that cyber resilience was a shared
responsibility for all employees.
How to Create a Cyber Aware Culture
The short answer: a strong combination of employee training and tools.
The long answer: when asked what
would help them feel better prepared to avoid phishing and prevent
cyberattacks, workers worldwide agreed that their employers need to invest more
heavily in training and education, in addition to strong cybersecurity tools.
Dr. Rajivan also agrees, stating that, if employers want to build cybersecurity
awareness into their business culture, then they need to invest heavily in
their people.
“By creating a feeling of personal investment in the individuals who make up a company, you encourage the employees to return that feeling of investment toward their workplace. That’s a huge part of ensuring that cybersecurity is part of the culture. Additionally, if we want to enable employees to assess risk properly, we need to cut down on uncertainty and blurring of context lines. That means both educating employees and ensuring we take steps to minimize the ways in which work and personal life get intertwined.”
– Prashanth Rajivan, Ph.D.
Additionally, he tells us, “Human
behavior is shaped by past experiences, consequences and reinforcement. To see
a real change in human behavior related to phishing and online risk-taking habits
in general, people need frequent and varied experiences PLUS appropriate
feedback that incentivizes good behavior.”
Ultimately, the importance of
training can’t be emphasized enough. According to real-world data from
customers using Webroot® Security Awareness Training, which provides both
training courses and easy-to-run, customizable phishing simulations, consistent
training can reduce click rates on phishing scams by up to 86.5%.
It’s clear a little training can go a long way. If you want to increase cyber
resilience, you have to minimize dangerous false confidence. And to do that, you
need to empower your workforce with the tools and training they need to
confidently (and correctly) make strong, secure decisions about what they do
and don’t click online.
Learn more
about Security Awareness Training programs.
by Connor Madsen | Sep 29, 2020 | Industry Intel
DHS Announces Massive Increase in LokiBot Attacks
By monitoring and tracking of cyberattacks over 2020, U.S.
Department of Homeland Security (DHS) officials have uncovered a significant
increase in cyberattacks being carried out by LokiBot,
a malicious info-stealer of stored passwords and cryptocurrency information.
The increase in LokiBot attacks can likely be attributed to its ability to
steal credentials from hundreds of applications, and its range of other features
that make it appealing to a wide variety of cyber criminals.
Long Island Hospital Suffers Data Breach
Blackbaud,
a third-party vendor for a Long Island hospital, may have exposed sensitive
patient information after it suffered a data breach this summer. In a July statement,
Blackbaud revealed personally identifiable information for a number of patients
was stolen but claimed it was destroyed shortly afterwards. Affected patients
have been contacted regarding the breach and stolen information.
Thousands of Customers Exposed in Town Sports Breach
A database containing highly sensitive information belonging
to over 600,000 customers and employees of Town
Sports International was found publicly exposed on the internet. Town
Sports recently filed for bankruptcy and was notified of this breach roughly a
week later. While the company did not publically respond to the findings, the
information secured the following day included everything from physical
addresses to payment card info and other billing data. Past clients of the
fitness chain should be wary of any emails they receive regarding their Town
Sports memberships.
Global Operation Takes Down Major Dark Web Drug Network
In a major collaboration between Europol and other global
intelligence organizations, 179 individuals across six countries have been
arrested in relation to drug
trafficking through Dark Web markets. Officials also revealed that this
bust allowed them to seize $6.5 million in cash and hundreds of kilograms of
illicit drugs. The operation is another setback for anonymous marketplaces allowing
for the buying and selling of illegal goods and services as law enforcement continues
to target rogue online bazaars.
Data from Over 200 Merchants Leaked in Shopify Breach
Data from at least 200 merchants was compromised after an
internal support employee for Shopify
was found to be stealing data. While the data included only basic contact
information on customers and no payment card or social security info was taken,
officials for Shopify are still working to determine the extent of the theft
and if it has further changed hands. The employees involved with this breach
have since been fired and all access to Shopify systems has been revoked to prevent
further incident.
by Justine Kurtz | Sep 28, 2020 | Business + Partners, Managed Service Providers
“Ten years ago, you didn’t see
state actors attacking [small businesses]. But it’s happening now,” warns
George Anderson, product marketing director at Carbonite + Webroot, OpenText
companies.
Sadly, many of today’s managed
service providers who serve small and medium-sized businesses now have to
concern themselves with these very threats. Independent and state-sponsored
hacking groups use sophisticated hacking tools (advanced persistent threats or
APTs), to gain unauthorized access to networks and computers, often going undetected
for months or even years at a time. In fact, according to the 2020 Verizon Data
Breach Investigations Report, cyber-espionage is among the top patterns
associated with breaches targeting businesses worldwide.
These attacks can be difficult
even for highly sophisticated enterprise security teams to detect, stop or
recover from. But all businesses, no matter their size, must be ready for them.
As such, MSPs, themselves ranging in size from a few techs to a few hundred
professionals, may find they need help protecting their SMB customers from APTs;
that’s on top of the consistent onslaught of threats from ordinary, profit-motivated
cyberattackers. That’s where the concept of cyber resilience comes in.
What does cyber resilience look like?
“Being [cyber] resilient – knowing
that even if you’re knocked offline you can recover quickly – is essential for
today’s businesses,” George says.
The reality is that today’s organizations have to accept a breach is pretty much inevitable. Their level of cyber resilience is the measure of the organization’s ability to keep the business running and get back to normal quickly. “It’s being able to absorb punches and get back on your feet, no matter what threatens,” as George put it in a recent podcast with Joe Panettieri, co-founder MSSP Alert & ChannelE2E.
Read
more about how businesses can build a cyber resilient company culture.
How can businesses and MSPs achieve cyber resilience?
Because cyber resilience is about
both defending against attacks and preparing for their inescapability, a major component in a strong resilience
strategy is the breadth of coverage a business has. In particular, having
tested and proven backup and disaster recovery solutions in place is the first
step in surviving a breach. If a business has reliable, real-time (or near
real-time) recovery capabilities, then in the event of an attack, they could
make it through barely skipping a beat.
Now, George has clarified that “no
single solution can offer complete immunity against cyberattacks on its own.”
To reduce the risk of events like data loss from accidental deletion, device
theft or hardware failure, your clients need multiple layers of protection that
secure their devices and data from multiple angles. Here are George’s top data
protection tips:
Ultimately, George says ensuring
business continuity for MSPs and the businesses they serve through
comprehensive cyber resilience solutions is the primary goal of the Carbonite +
Webroot division of OpenText.
“We want to up the advocacy and
stop attacks from happening as much as we possibly can. At
the same time, when they
inevitably do happen, we want to be able to help MSPs recover and limit lost
time, reputation damage, and financial impact so businesses can keep
functioning.”
To learn more about cyber
resilience, click here.
by Mit Patel | Sep 24, 2020 | Business + Partners, Managed Service Providers
Guest blog by Mit Patel, Managing Director
of London based IT Support company,
Netstar.
In this article, Webroot sits down with Mit
Patel, Managing Director of London-based MSP partner, Netstar, to discuss the
topic of remote work during a pandemic and tips to stay cyber resilient.
Why is it important to be cyber resilient, specifically when working remote?
It’s always important to be cyber
resilient, but a lot has changed since the start of the COVID-19 lockdown that needs
to be taken into consideration.
Remote work has posed new problems for
businesses when it comes to keeping data secure. Since the start of lockdown,
there has been a significant increase in phishing scams, ransomware attacks and
malicious activity. Scammers now have more time to innovate and are using the
widespread anxiety of coronavirus to target vulnerable people and businesses.
Moreover, the sudden shift in working
practices makes the pandemic a prime time for cyber-attacks. Employees can no
longer lean over to ask a colleague if they are unsure about the legitimacy of
an email or web page. Instead, they need to be confident in their ability to
spot and avoid potential security breaches without assistance.
Remote work represents a significant change
that can’t be ignored when it comes to the security of your business. Instead,
businesses need to be extra vigilant and prioritise their cyber resilience.
What does cyber resilience mean to you?
It’s important to differentiate between
cyber resilience and cyber security. Cyber security is a component of cyber
resilience, referring to the technologies and processes designed to prevent
cyber-attacks. Whereas, I believe cyber resilience goes a step further,
referring to the ability to prevent, manage and respond to cyber threats. Cyber
resilience recognises that breaches can and do happen, finding effective
solutions that mean businesses recover quickly and maintain functionality. The
main components of cyber resilience include, training, blocking, protecting,
backing up and recovering. When all these components are optimised, your cyber
resilience will be strong, and your business will be protected and prepared for
any potential cyber threats.
Can you share some proactive methods for staying cyber resilient when working remote?
Absolutely. But it’s important to note that
no solution is 100% safe and that a layered approach to IT security is necessary
to maximise protection and futureproof your business.
Get the right
antivirus software. Standard antivirus software
often isn’t enough to fully protect against viruses. Businesses need to
consider more meticulous and comprehensive methods. One of our clients, a
licensed insolvency practitioner, emphasized their need for software that will
ensure data is protected and cyber security is maximised. As such, we
implemented Webroot SecureAnywhere
AnitVirus, receiving excellent client feedback, whereby the client stressed
that they can now operate safe in the knowledge that their data is secure.
Protect your network. DNS Protection is a critical layer for your cyber resilience
strategy. DNS will protect you against threats such as malicious links, hacked
legitimate websites, phishing attacks, CryptoLocker and other ransomware
attacks. We have implemented DNS Protection
for many of our clients, including an asset management company that wanted to
achieve secure networks with remote working capability. In light of the current
remote working situation, DNS Protection should be a key consideration for any
financial business looking to enhance their cyber resilience.
Ensure that you
have a strong password policy. Keeping your
passwords safe is fundamental for effective cyber resilience, but it may not be
as simple as you think. Start by making sure that you and your team know what
constitutes a strong password. At Netstar, we recommend having a password that:
- Is over 10 characters long
- Contains a combination of
numbers, letters and symbols
- Is unpredictable with no
identifiable words (even if numbers or symbols are substituted for letters)
You should also
have different passwords for different logins, so that if your security is
compromised for any reason, hackers can only access one platform. To fully
optimise your password policy, you need to consider multi-factor
authentication. Multi-factor authentication goes a step further than the
traditional username-password login. It requires multiple forms of
identification in order to access a certain email account, website, CRM etc. This
will include at least two of the following:
- Something you know (e.g. a
password)
- Something you have (e.g. an ID
badge)
- Something you are (e.g. a
fingerprint)
Ensure that you
have secure tools for communication. Collaboration
tools, like Microsoft Teams, are essential for remote working. They allow you
to communicate with individuals, within teams and company-wide via audio calls,
video calls and chat.
When it comes to
cyber resilience, it’s essential that your team know what is expected of them.
You should utilise collaboration tools to outline clear remote working guidance
to all employees. For example, we would recommend discouraging employees from
using personal devices for work purposes. The antivirus software installed on
these devices is unlikely to be of the same quality as the software installed
on work devices, so it could put your business at risk.
Furthermore, you
need to be confident that your employees can recognise and deal with potential
security threats without assistance. Individuals can no longer lean across to
ask a colleague if they’re unsure of the legitimacy of something. They need to
be able to do this alone. Security
awareness training is a great solution for this. It will teach your team
about the potential breaches to look out for and how to deal with them. This
will cover a range of topics including, email phishing, social media scams,
remote working risks and much more. Moreover, courses are often added and
updated, meaning that your staff will be up to date with the latest scams and
cyber threats.
Implement an effective backup and disaster recovery strategy
Even with every
preventive measure in place, things can go wrong, and preparing for disaster is
crucial for effective cyber resilience.
In fact, a lot of
companies that lose data because of an unexpected disaster go out of business
within just two years, which is why implementing an effective backup and
disaster recovery strategy is a vital layer for your cyber resilience strategy.
First, we advise storing
and backing up data using an online cloud-based system. When files are
stored on the cloud, they are accessible from any device at any time. This is
particularly important for remote working; it means that employees can collaborate
on projects and access necessary information quickly and easily. It also means
that, if your device is wiped or you lose your data, you can simply log in to
your cloud computing platform and access anything you might need. Thus, data
can easily be restored, and you’re protected from potential data loss.
Overall, disaster
recovery plans should focus on keeping irreplaceable data safe. Consider what
would happen to your data in the event of a disaster. If your office burned
down, would you be confident that all your data would be protected?
You should be
working with an IT support partner that can devise an effective and efficient
disaster recovery plan for your business. This should set out realistic
expectations for recovery time and align with your insurance policy to protect
any loss of income. Their goal should be to get your business back up and
running as quickly as possible, and to a high standard (you don’t want an IT
support partner that cuts corners). Lastly, your IT support provider should regularly
test your strategy, making sure that if disaster did occur, they could quickly
and effectively restore the functionality of your business.
What else should fellow MSPs keep in mind during this trying time?
In the last four years, cyber resilience
has become increasingly important; there are so many more threats out there,
and so much valuable information that needs protecting.
We have happy clients because their
machines run quickly, they experience less IT downtime, and they rarely encounter
viruses or malicious activity. We know that we need to fix customers’ problems
quickly, while also ensuring that problems don’t happen in the first place.
Innovation is incredibly important to us, which is why we’ve placed a real
focus on proactive client advisory over the last 24 months.
That’s where a strong cyber resilience
strategy comes into play. MSPs need to be able to manage day-to-day IT queries,
while also focusing on how technology can help their clients grow and succeed
in the future.There is plenty of advice around the nuts and bolts of IT
but it’s the advisory that gives clients the most value. As such, MSPs should ensure
they think like a customer and make technological suggestions that facilitate
overall business success for their clients.
