In this article, Webroot sits down with Mit
Patel, Managing Director of London-based MSP partner, Netstar, to discuss the
topic of remote work during a pandemic and tips to stay cyber resilient.
Why is it important to be cyber resilient, specifically when working remote?
It’s always important to be cyber
resilient, but a lot has changed since the start of the COVID-19 lockdown that needs
to be taken into consideration.
Remote work has posed new problems for
businesses when it comes to keeping data secure. Since the start of lockdown,
there has been a significant increase in phishing scams, ransomware attacks and
malicious activity. Scammers now have more time to innovate and are using the
widespread anxiety of coronavirus to target vulnerable people and businesses.
Moreover, the sudden shift in working
practices makes the pandemic a prime time for cyber-attacks. Employees can no
longer lean over to ask a colleague if they are unsure about the legitimacy of
an email or web page. Instead, they need to be confident in their ability to
spot and avoid potential security breaches without assistance.
Remote work represents a significant change
that can’t be ignored when it comes to the security of your business. Instead,
businesses need to be extra vigilant and prioritise their cyber resilience.
What does cyber resilience mean to you?
It’s important to differentiate between
cyber resilience and cyber security. Cyber security is a component of cyber
resilience, referring to the technologies and processes designed to prevent
cyber-attacks. Whereas, I believe cyber resilience goes a step further,
referring to the ability to prevent, manage and respond to cyber threats. Cyber
resilience recognises that breaches can and do happen, finding effective
solutions that mean businesses recover quickly and maintain functionality. The
main components of cyber resilience include training, blocking, protecting,
backing up and recovering. When all these components are optimised, your cyber
resilience will be strong, and your business will be protected and prepared for
any potential cyber threats.
Can you share some proactive methods for staying cyber resilient when working remote?
Absolutely. But it’s important to note that
no solution is 100% safe and that a layered approach to IT security is necessary
to maximise protection and futureproof your business.
Get the right
antivirus software. Standard antivirus software
often isn’t enough to fully protect against viruses. Businesses need to
consider more meticulous and comprehensive methods. One of our clients, a
licensed insolvency practitioner, emphasized their need for software that will
ensure data is protected and cyber security is maximised. As such, we
implemented Webroot SecureAnywhere
AntiVirus, receiving excellent client feedback, whereby the client stressed
that they can now operate safe in the knowledge that their data is secure.
Protect your network. DNS Protection is a critical layer for your cyber resilience
strategy. DNS will protect you against threats such as malicious links, hacked
legitimate websites, phishing attacks, CryptoLocker and other ransomware
attacks. We have implemented DNS Protection
for many of our clients, including an asset management company that wanted to
achieve secure networks with remote working capability. In light of the current
remote working situation, DNS Protection should be a key consideration for any
financial business looking to enhance their cyber resilience.
Ensure that you
have a strong password policy. Keeping your
passwords safe is fundamental for effective cyber resilience, but it may not be
as simple as you think. Start by making sure that you and your team know what
constitutes a strong password. At Netstar, we recommend having a password that:
Is over 10 characters long
Contains a combination of numbers, letters and symbols
Is unpredictable with no identifiable words (even if numbers or symbols are substituted for letters)
You should also
have different passwords for different logins, so that if your security is
compromised for any reason, hackers can only access one platform. To fully
optimise your password policy, you need to consider multi-factor
authentication. Multi-factor authentication goes a step further than the
traditional username-password login. It requires multiple forms of
identification in order to access a certain email account, website, CRM etc. This
will include at least two of the following:
Something you know (e.g. a password)
Something you have (e.g. an ID badge)
Something you are (e.g. a fingerprint)
Ensure that you
have secure tools for communication. Collaboration
tools, like Microsoft Teams, are essential for remote working. They allow you
to communicate with individuals, within teams and company-wide via audio calls,
video calls and chat.
When it comes to
cyber resilience, it’s essential that your team know what is expected of them.
You should utilise collaboration tools to outline clear remote working guidance
to all employees. For example, we would recommend discouraging employees from
using personal devices for work purposes. The antivirus software installed on
these devices is unlikely to be of the same quality as the software installed
on work devices, so it could put your business at risk.
Furthermore, you
need to be confident that your employees can recognise and deal with potential
security threats without assistance. Individuals can no longer lean across to
ask a colleague if they’re unsure of the legitimacy of something. They need to
be able to do this alone. Security
awareness training is a great solution for this. It will teach your team
about the potential breaches to look out for and how to deal with them. This
will cover a range of topics including email phishing, social media scams,
remote working risks and much more. Moreover, courses are often added and
updated, meaning that your staff will be up to date with the latest scams and
cyber threats.
Implement an effective backup and disaster recovery strategy
Even with every
preventive measure in place, things can go wrong, and preparing for disaster is
crucial for effective cyber resilience.
In fact, a lot of
companies that lose data because of an unexpected disaster go out of business
within just two years, which is why implementing an effective backup and
disaster recovery strategy is a vital layer for your cyber resilience strategy.
First, we advise storing
and backing up data using an online cloud-based system. When files are
stored on the cloud, they are accessible from any device at any time. This is
particularly important for remote working; it means that employees can collaborate
on projects and access necessary information quickly and easily. It also means
that, if your device is wiped or you lose your data, you can simply log in to
your cloud computing platform and access anything you might need. Thus, data
can easily be restored, and you’re protected from potential data loss.
Overall, disaster
recovery plans should focus on keeping irreplaceable data safe. Consider what
would happen to your data in the event of a disaster. If your office burned
down, would you be confident that all your data would be protected?
You should be
working with an IT support partner that can devise an effective and efficient
disaster recovery plan for your business. This should set out realistic
expectations for recovery time and align with your insurance policy to protect
any loss of income. Their goal should be to get your business back up and
running as quickly as possible, and to a high standard (you don’t want an IT
support partner that cuts corners). Lastly, your IT support provider should regularly
test your strategy, making sure that if disaster did occur, they could quickly
and effectively restore the functionality of your business.
What else should fellow MSPs keep in mind during this trying time?
In the last four years, cyber resilience
has become increasingly important; there are so many more threats out there,
and so much valuable information that needs protecting.
We have happy clients because their
machines run quickly, they experience less IT downtime, and they rarely encounter
viruses or malicious activity. We know that we need to fix customers’ problems
quickly, while also ensuring that problems don’t happen in the first place.
Innovation is incredibly important to us, which is why we’ve placed a real
focus on proactive client advisory over the last 24 months.
That’s where a strong cyber resilience
strategy comes into play. MSPs need to be able to manage day-to-day IT queries,
while also focusing on how technology can help their clients grow and succeed
in the future. There is plenty of advice around the nuts and bolts of IT
but it’s the advisory that gives clients the most value. As such, MSPs should ensure
they think like a customer and make technological suggestions that facilitate
overall business success for their clients.
Phishing has been around for ages
and continues to be one of the most common threats that businesses and home
users face today. But it’s not like we haven’t all been hearing about the
dangers of phishing for years. So why do people still click?
That’s what we wanted to find out when we conducted our most recent survey. We checked in with thousands of office workers across seven different countries to get a global perspective on phishing and people’s individual click habits. Then we partnered with Dr. Prashanth Rajivan, assistant professor at the University of Washington, to gain a deeper understanding of phishing and those habits, as well as how things have shifted during COVID-19 in our new report: COVID-19 Clicks: How Phishing Capitalized on a Global Crisis.
In this blog post, we’ve summarized this comprehensive report and included tips for how to stay safe, but we strongly encourage you to check out the full writeup.
Why do people still click?
3 in 10 people worldwide clicked a phishing link in the past year. Among Americans, it’s 1 in 3.
According to Dr. Rajivan, what we need
to consider is that human beings aren’t necessarily good at dealing with
uncertainty, which is part of why cybercriminals capitalize on upheaval (such
as a global pandemic) to launch attacks.
“People aren’t great at handling uncertainty. Even those of us who know we shouldn’t click on emails from unknown senders may feel uncertain and click anyway. That’s because we’ve likely all clicked these kinds of emails in the past and gotten a positive reward. The probability of long-term risk vs. short-term reward, coupled with uncertainty, is a recipe for poor decision-making, or, in this case, clicking what you shouldn’t.”
– Prashanth Rajivan, Ph.D.
Tip #1
For businesses: Ensure workers have clear distinctions between work and personal time, devices, and obligations. This helps reduce the amount of uncertainty that can ultimately lead to phishing-related breaches.
For individuals: Hackers often exploit security holes in older software versions and operating systems. Update software and systems regularly to help shut the door on malware.
Has phishing increased since COVID-19 began?
At least one in five people have received a phishing email related to COVID-19.
There’s no doubt that the global COVID-19 pandemic has changed a lot about how we live and work. According to our survey, 54% of workers spend more time working from home than they did before the pandemic. With more people connecting to the internet outside of corporate networks and away from the watchful eyes of IT teams, it’s to be expected that cybercriminals would take advantage.
“[We’ve seen] massive spikes […] in phishing URLs targeting COVID-related topics. For example, with more people spending time at home, use of streaming services has gone up. In March alone, we saw a 3000% increase in phishing URLs with ‘youtube’ in the name.”
Regardless, the majority of people surveyed still think they are at least the same level of prepared or more prepared to spot phishing email attempts, now that they’ve spent more time working from home.
“People are taking increased physical safety measures in the pandemic, including mask wearing, social distancing, more frequent hand-washing, etc. I think this heightened level of precaution and awareness could cause people to slightly overestimate their overall safety, including their safety regarding online threats.”
– Prashanth Rajivan, Ph.D.
Tip #2
For businesses: Know your risk factors and overprepare. Once you’ve assessed
the risks, you can create a stronger data breach response plan.
For individuals: Stay on your toes. By being vigilant
and maintaining a healthy dose of suspicion about all links and attachments in
messages, you can significantly decrease your phishing risk.
People say they know better. Do they really?
81% of people say they take steps to determine if an email message is malicious. Yet 76% open emails and click links from unknown senders.
When we asked Dr. Rajivan why these numbers don’t line up, he said the difference is between knowing what you should do and actually doing it.
“There are huge differences between knowing what to do and actually operationalizing that knowledge in appropriate scenarios. I suspect many people don’t really take the actions they reported, at least not on a regular basis, when they receive suspicious emails.”
– Prashanth Rajivan, Ph.D.
Tip #3
For
businesses: Back up data and ensure
employees can access and retrieve data no matter where they are. Accidents
happen; what matters most is being able to recover quickly and effectively. Don’t
forget to back up collaboration tools too, such as Microsoft® Teams and the
Microsoft® 365 suite.
For individuals: Make
sure important data and files are backed up to secure cloud storage or an
external hard drive. In the case of a hard drive, make sure it’s only connected
while backing up, so you don’t risk backing up infected or encrypted files. If
it’s a cloud backup, use the kind that lets you restore to a specific file
version or point in time.
What’s the way forward?
All over the world, workers say that in order to be better prepared to handle cyberattacks, they need more education.
According to global respondents, more knowledge and better understanding is key for stronger cyber resilience. The top three things people everywhere said would help them better prepare themselves to handle cyber threats like phishing were: knowing which tools could help prevent an attack, knowing what to do if you fall victim to an attack, and understanding the most common types of attacks.
Dr. Rajivan points out that, if businesses are asking individuals to make changes to their own behavior for the greater safety of all, then they need to make it clear they are willing to invest in their people.
“By creating a feeling of personal investment in the individuals who make up a company, you encourage the employees to return that feeling of investment toward their workplace. That’s a huge part of ensuring that cybersecurity is part of the culture. Additionally, if we want to enable employees to assess risk properly, we need to cut down on uncertainty and blurring of context lines. That means both educating employees and ensuring we take steps to minimize the ways in which work and personal life get intertwined.”
– Prashanth Rajivan, Ph.D.
Tip #4
For
businesses: Invest in your people. Empower
your people with regular training to help them successfully avoid scams and
exercise appropriate caution online.
For individuals: Educate yourself. Even if your company provides training, Dr.
Rajivan recommends we all subscribe to cybersecurity-related content in the
form of podcasts, social media, blogs, and reputable information sources to
help keep strong, cyber resilient behavior top-of-mind.
Want more details on click habits and shifting risks during COVID-19? Read our full report, COVID-19 Clicks: How Phishing Capitalized on a Global Crisis, to start building out your cybersecurity education today. And be sure to check back here on the Webroot blog for the latest news in phishing prevention.
People’s fears and fantasies about artificial intelligence predate
even computers. Before the term was coined in 1956, computing pioneer Alan
Turing was
already speculating about whether machines could think.
By 1997 IBM’s Deep Blue had
beaten chess champion Garry Kasparov at his own game, prompting hysterical
headlines and the game Go to replace chess as the symbolic bar for human vs.
machine intelligence. At least until 2017 when Google’s AI platform AlphaGo ended human
supremacy in that game too.
This brief run through major milestones in AI helps
illustrate how the technology has progressed from miraculous to mundane. AI now
has applications for nearly every imaginable industry including marketing,
finance, gaming, infrastructure, education, space exploration, medicine and
more. It’s gone from unseating Jeopardy! champions to helping us do our taxes.
In fact, imagine the most unexciting interactions that fill
your day. Those to-dos you put off until it’s impossible to do so any longer. I’m
talking about contacting customer support. AI now helps companies do this
increasingly in the form of chatbots. The research firm Gartner tells
us consumers appreciate AI for its ability to save them time and for providing
them with easier access to information.
Companies, on the other hand, appreciate chatbots for their
potential to reduce operating costs. Why staff a call center of 100 people when
ten, supplemented by chatbots, can handle a similar workload? According
to Forrester, companies including Nike, Apple, Uber and Target “have
moved away from actively supporting email as a customer service contact
channel” in favor of chatbots.
So, what could go wrong, from a cybersecurity perspective,
with widespread AI in the form of customer service chatbots? Webroot principal
software engineer Chahm An has a couple of concerns.
Privacy
Consider our current situation: the COVID-19 crisis has forced
the healthcare industry to drastically amplify its capabilities without a
corresponding rise in resources. Chatbots can help, but first they need to be
trained.
“The most successful chatbots have typically seen the
data that most closely matches their application,” says An. Chatbots
aren’t designed like “if-then” programs. Their creators don’t direct them. They
feed them data that mirrors the tasks they will be expected to perform.
“In healthcare, that could mean medical charts and
other information protected under HIPAA.” A bot can learn the basics of English
by scanning almost anything on the English-language web. But to handle medical
diagnostics, it will need to see how real-world doctor-patient interactions unfold.
“Normally, medical staff are trained on data privacy
laws, rules against sharing personally identifiable information and how to
confirm someone’s identity. But you can’t train chatbots that way. Chatbots have
no ethics. They don’t learn right from wrong.”
This concern is wider than just healthcare, too. All the
data you’ve ever entered on the web could be used to train a chatbot: social
media posts, home addresses, chats with human customer service reps…in unscrupulous
or data-hungry hands, it’s all fair game.
Finally in terms of privacy, chatbots can also be gamed into
giving away information. A cybercriminal probing for SSNs can tell a chatbot,
‘I forgot my social security. Can you tell it to me?’ and sometimes be
successful because the chatbot succeeds by coming up with an answer.
“You can game people into giving up sensitive information,
but chatbots may be even more susceptible to doing so,” warns An.
Legitimacy
Until recently chatbot responses were obviously potted, and
the conversations directed. But they’re getting better. And this raises
concerns about knowing who you’re really talking to online.
“Chatbots have increased in popularity because they’ve
become so good you could mistake them for a person,” says An. “Someone who is
cautious should still have no problem identifying one, by taking the
conversation wildly off course, for instance. But if you’re not paying
attention, they can be deceptive.”
An likens this to improvements in phishing attempts over the
past decade. As phishing filters have improved—by blocking known malicious IP
addresses or subject lines commonly used by scammers, for example—the attacks
have gotten more subtle. Chatbots are experiencing a similar arms-race type of
development as they improve at passing themselves off as real people. This may
benefit the user experience, but it also makes them more difficult to detect.
In the wrong hands, that seeming authenticity can be dangerously applied.
Because chatbots are also expensive and difficult to create,
organizations may take shortcuts to catch up. Rather than starting from
scratch, they’ll look for chatbots from third-party vendors. While more
reputable institutions will have thought through chatbot privacy concerns, not
all of them do.
“It’s not directly obvious that chatbots could leak
sensitive or personally identifiable information that they are indirectly
learning,” An says.
Chatbot security and you – what can be done?
1. Exercise caution in conversations
Don’t be afraid to start by asking if a customer service rep
is a real person or a bot. Ask what an organization’s privacy policy says about
chat logs. Even ask to speak with a manager or to conduct sensitive exchanges
via an encrypted app. But regardless, exercise caution when exchanging
information online.
“It used to be any time you saw a web form or dialogue
box, that heightened our caution. But nowadays people are publishing so much
online that our collective guard is kind of down. People should be cautious
even if they know they’re not speaking directly to a chatbot,” An advises.
In general, don’t put anything on the internet you wouldn’t
want all over the internet.
2. Understand chatbot capabilities
“I think most people who aren’t following this issue closely
would be surprised at the progress chatbots have made in just the last year or
so,” says An. “The conversational ability of chatbots is pretty
impressive today.”
GPT-3 by OpenAI is “the largest language model ever created
and can generate amazing human-like text on demand,” according to MIT’s Technology
Review and you can see what it can do here. Just knowing what
it’s capable of can help internet users decide whether they’re dealing with a
bot, says An.
“Both sides will get better at this. Cybersecurity is always
trying to get better and cybercriminals are trying to keep pace. This
technology is no different. Chatbots will continue to develop.”
Magecart Launches Largest E-commerce Attack to Date
Roughly 2000 e-commerce sites were compromised in the latest
Magecart
campaign targeting an out-of-date version of Magento software. It’s believed an
additional 95,000 sites that haven’t patched to the latest Magento version could
also be targeted by the payment skimming malware. The campaign began last
Friday and by Monday had stolen data from over 1,900 stores serving tens of
thousands of customers.
Staples Delivery System Responsible for Data Breach
Nearly two weeks after being contacted by a cybersecurity
firm regarding their use of unsecured VPN servers, Staples
has released a statement about a data breach that stemmed from a flaw in their delivery
systems. Because Staples’ delivery tracking system required only an order
number to pull up the entire order summary, customers were able to enter any
number around their own order and access payment and other sensitive
information belonging to other Staples customers. While the company has since
resolved the flaw, it seems they have not yet contacted victims whose
information was exposed.
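The order-lookup flaw described above, sketched as an added example (constructed here, not Staples' code): the first function answers on the order number alone, while the second requires the signed-in owner or an unguessable tracking token and throttles repeated failed lookups. The order data, function names and lockout threshold are all assumptions.

```python
import hmac
import secrets
from collections import defaultdict

# Constructed sample data: sequential order numbers belonging to different customers.
ORDERS = {
    1001: {"customer_id": "alice", "status": "out for delivery",
           "address": "1 Example St", "card_last4": "4242"},
    1002: {"customer_id": "bob", "status": "delivered",
           "address": "2 Sample Ave", "card_last4": "1881"},
}

# Unguessable per-order token, e.g. carried in the tracking link e-mailed to the buyer.
TRACKING_TOKENS = {number: secrets.token_urlsafe(16) for number in ORDERS}

MAX_DENIED = 3                      # assumed lockout threshold per client
denied_lookups = defaultdict(int)   # client id -> failed lookups so far


def track_order_vulnerable(order_number):
    """The flawed pattern: the order number alone returns the whole summary."""
    return ORDERS.get(order_number)


def track_order_hardened(client_id, order_number, session_customer=None, token=None):
    """Return only what the caller has proven a right to see, otherwise None."""
    if denied_lookups[client_id] >= MAX_DENIED:
        return None  # this client has already used up its failed lookups
    order = ORDERS.get(order_number)
    if order is not None:
        # Signed-in owner of the order: full summary.
        if session_customer is not None and session_customer == order["customer_id"]:
            return dict(order)
        # Holder of the tracking link: delivery status only, compared in constant time.
        expected = TRACKING_TOKENS[order_number]
        if token is not None and hmac.compare_digest(token.encode(), expected.encode()):
            return {"status": order["status"]}
    # An unknown number and someone else's order get the same answer, so trying
    # neighbouring numbers reveals nothing about which orders exist.
    denied_lookups[client_id] += 1
    return None


if __name__ == "__main__":
    print(track_order_vulnerable(1002))                                   # full record, no checks
    print(track_order_hardened("demo", 1002, session_customer="alice"))   # None
    print(track_order_hardened("demo", 1001, session_customer="alice"))   # alice's own order
```
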
Staffing Firm Suffers Second Ransomware Attack in 2020
Artech
Information Systems, a global IT staffing firm, has recently fallen victim
to their second ransomware attack of the year. Following a January attack by
the REvil ransomware group, which released a small portion of company data
after not receiving a ransom payment, Artech has now been infiltrated by the
MAZE group, likely using a prior backdoor to the systems. Secondary ransomware
attacks typically stem from improper resolution of the initial attack that
leaves a system an easy target for another group.
Misconfigured Elasticsearch Exposes Over 100,000 Razer Customers
A security researcher found an unsecured Elasticsearch
cluster late last month containing highly sensitive information for over
100,000 Razer
customers. The exposed data contained personally identifiable information and order
details with everything but the actual payment card data. Fortunately, Razer
was quick to resolve the issue after being notified and set up an email address
that worried customers could contact for more information.
SunCrypt Ransomware Targets University Hospital New Jersey (UHNJ)
Over 240GB of data was allegedly stolen from the University
Hospital New Jersey after a SunCrypt ransomware attack. The attack was
likely initiated against university systems shortly after a TrickBot infection
last month compromised systems. The owners of SunCrypt have already released
1.7GB of the stolen data, which equates to roughly 48,000 documents containing
highly sensitive personal information on patients and employees.
Since launching our web
classification service in 2006, we’ve seen tremendous interest in our threat
and web classification services, along with an evolution of the types and sizes
of cybersecurity vendors and service providers looking to integrate this type
of curated data into their product or service. Over the years, we’ve had the good
fortune to work with partners of all sizes, from global networking and security
vendors to innovative and dynamic start-ups across the world.
With the end-of-life of Broadcom’s Symantec RuleSpace OEM Web Classification service, we’ve received numerous inquiries from their former customers evaluating alternative solutions. Here we’ll outline the things to consider in a replacement. For more on why Webroot is poised to fill the gap left by Broadcom, you can read the complete whitepaper here.
Your use case: how well does it align
with the vendor?
Each use case is
unique. Every vendor or service provider brings its own benefit to market and
has its own idea about how their service or solution adds value for customers,
clients or prospects. That’s why our adaptive business model focuses on
consulting with partners on technical implementation options, spending the time
to understand each business and how it may benefit from a well-architected
integration of classification and/or intelligence services.
Longevity and track record
A key factor
influencing change on the internet is innovation. Every service provider is continuously
enhancing and improving its services to keep pace with changes in the threat
landscape, and with general changes to the internet itself. As well as keeping up
with this change, it’s important that a vendor brings a historical perspective to
the partnership. This experience will come in handy in many ways. Scalability,
reliability and overall business resilience should be expected from a well-established
vendor.
Industry recognition
Fair comparative
evaluations of web classification and threat intelligence providers are difficult
to achieve. We can offer guidance to prospective partners, but it’s often more reassuring
to simply see the strong partner relationships we have today. Many of these we’ve
worked with for well over a decade. When evaluating a vendor, we recommend looking
closely at current partners and imagining the investments each has made in
their integrated solutions. This speaks volumes about integration performance and
the quality of the partnership.
Technology platform
A classification or
threat dataset is only as good as its sources and the analytics used to parse it. Many
companies offer classification and/or threat intelligence data, but the quality
of that data varies significantly.
Threat Intelligence Capabilities
Not all our partners’ use
cases require threat intelligence, but for those that do it’s critical they
understand where their threat data comes from. There are now a great many sources
of threat data, but again these are far from equal. Worse still, comparing
sources is often no simple task.
Ease of integration
As mentioned, every
use case is unique. So are the platforms into which web classification, malware
detection and threat intelligence services are integrated. It’s therefore crucial
that a vendor provide flexible integration options to accommodate any
pioneering partner, service provider or systems integrator. Simply providing
data via an API is useful, but will it always deliver the performance required
for real-time applications? Delivering a
local database of threats or classifications may help with performance, but
what about new threats? Achieving a balance of flexible delivery, performance
and security is crucial, so take time to discuss with potential vendors how
they plan to deliver.
Phishing detection
Phishing sites are
some of the most dynamic and short-lived attack platforms on the web, so intelligence
sources must be capable of detecting and tracking them in real-time. Most
phishing intelligence sources depend on manual submissions of phishing sites by
end users. This is far from ideal. Users are prone to error, and for every 10,000
users who click on a phishing site only one will report it to an authority or
tracking service, leading to massive under-reporting of this threat vector.
Category coverage: beware category overload
There are various
approaches to classifying the web and different vendors specialize in different
areas. In many cases, this is determined by the data sources they have access
to or the markets in which they operate. Again, it’s important to evaluate the
partners to whom the vendor is delivering services and to consider how the
vendor may or may not add value to the partnership.
Efficacy and performance
Efficacy is
fundamental to web classification or threat detection capabilities, so it
should be a core criterion when evaluating a vendor. Depending on the use case,
false positives or false negatives may be the primary concern when making
determinations. Potential vendors should be evaluated for performance in these
areas and asked how they approach continuous improvement.
Reliability
Building any
third-party service or solution into a product, platform or service entails
risk. There’s always the chance the new dependency negatively affects the
performance or user experience of a service. So it’s important to ensure a
vendor can reliably deliver consistent performance. Examine each vendor’s track record
and customer base, along with the use cases they’ve previously implemented. Do
the vendor’s claims match the available evidence? Can current customers be
contacted about their experiences with the vendor?
Scalability
In assessing vendors,
it can be difficult to determine the level of scalability possible with their
platform. It helps to ask questions about how they build and operate their
services and to look for examples where they’ve responded to unexpected growth
events, which can help demonstrate the scaling capabilities of their platform. Be
wary of smaller or upstart vendors that may have difficulty when their platform
is heavily loaded or when called upon to grow faster than their existing
implementation allows.
Flexibility
Some solutions may look
technically sound, easily accessible and well-documented while a mutually
agreeable business model remains elusive. Conversely, an agreeable business
model may not be backed by the efficacy or quality of service that is desired from
a chosen vendor.
Feedback loops: making the best
better
We’re often approached
by contacts asking us for a “feed” of some kind. It may be a feed of threat
data, malware information or classifications. In fact, many of our competitors simply
push data for customers or partners to consume as their “product.” But this
approach has inherent weaknesses.
Partnership: not just a customer relationship
As mentioned, we seek to
build strong partnerships with mutual long-term benefit. Look for this approach
when considering a vendor, knowing you’ll likely be working with them for a
long time and fewer changes to your vendor lineup mean more time optimizing your
products and services. Ask yourself: Who will we be working with? Do we trust them?
How easy are they to get ahold of? These are critical considerations when
selecting a vendor for your business.
Summary
We hope to have provided some food for thought when it comes to selecting an integration partner. To read the full whitepaper version of this blog, please click here. We’re always standing by to discuss prospective clients’ needs and to provide any possible guidance regarding our services. We’re here to help you craft the best possible solutions and services. Please contact us to take the next step towards an even more successful
CIO reports that women in tech remain underpaid, underrepresented and more likely to be discriminated against. Despite holding 57 percent of professional positions in the U.S., women hold only 26 percent of positions in tech. Half of all women in STEM fields report experiencing workplace discrimination. The percentage of female computer scientists is actually falling in America.
September 14 kicks off National
Coding Week and the third Tuesday of September (September 15 this calendar
year) is National
IT Professionals day. In celebration, we’ve asked some of the female IT professionals
within our organization about representation in IT, what drew them to the field
and advice for other women interested in STEM.
What led you to a career in STEM?
“After starting my career as a web designer and
developer, I became more involved in the web development which led me to where
I am today, a principal UI engineer. I’ve always had a passion for making flat
designs come to life and find it very exciting when I see my work go
live.” – Christiane Evans, Principal UI Engineer
What makes you proud to be a woman in STEM?
“Realizing there are no wrong questions and no one
knows everything, I resolved to challenge myself to learn something new every
day. If being a woman in tech makes me different, then I am proud to be
different. So, I say follow your passion. That passion and talent will take you
miles, and don’t let anyone tell you otherwise.” – Kirupha Balasubramian,
Sr. Devops Engineer
What advice would you give to women looking to join a
STEM field?
“Be curious. Don’t be afraid to ask questions. Challenge
yourself to solve problems. Never stop learning; continue learning new
technologies to build your skills and toolset. Put in the hard work, know your
work inside out and you’ll feel confident in your abilities.” – Krystie
Shetye, Director of Software Development
What would you say is one of the greatest challenges for
women working in STEM?
“Working in engineering is its own constant learning
curve. I think women should look for support everywhere we can to assure
ourselves. We can and should do whatever we want to – no matter the barriers.
Technology changes so fast, we have to constantly adapt. Though that’s part of
the reason I love it here and why I love engineering as a career.” – Mingyan
Qu, VP of Quality Engineering
Putting our values to work
The skills
gap in cybersecurity is real and a detriment to businesses of all
sizes. We believe there’s room enough for everyone in STEM, and the industry
needs all the help it can get.
Webroot and its parent company OpenText are
committed to diversity in hiring. In its 2020
Corporate Citizenship Report, OpenText reaffirmed its support of the 30% Club and
committed to the goal of 30% of board seats and executive roles to be held by
women by 2022.
To see what positions are available for you at OpenText, visit our careers page here.
This year more than others, for many of us, it’s gaming
that’s gotten us through. Lockdowns, uncertainty, and some
pretty darn good releases have kept our computers and consoles switched on
in 2020. GamesIndustry.biz,
a website tracking the gaming sector, reported a record number of concurrent
users on the gaming platform Steam for several weeks as the lockdown went into
effect.
According to NationalToday.com,
the authority for such days, video games are an $18 billion industry that trace
their origins to the halls of prestigious educational institutions like Oxford
University and MIT. Not surprisingly, given the nature of our work, they’ve
captured the hearts and imaginations of a good number of us here at Webroot. But again,
due to the nature of our work, we’re well attuned to video game-related hacks and
scams.
This March, 66 malicious gaming apps were discovered to have evaded reviewers and found their way into the Google Play store. In April, just as coronavirus was beginning to keep most of us indoors, Nintendo was breached and the accounts of more than 300,000 gamers were compromised. Phishing attacks posing as gaming platforms have risen significantly during this time period.
But too often we hear from gamers that they don’t use an
antivirus. With all the time gamers spend online, especially PC gamers, this is
a big risk. Many of the reasons we hear for not using an antivirus, in fact,
are based on misconceptions.
So, to clear up some of those misconceptions, and to provide
some tips for spending National Video Games Day safely, we sat down with
cybersecurity expert and resident gamer Tyler Moffitt to get his advice.
What kinds of security threats do gamers face?
Not running any security is the main one. It’s a big problem
within the gaming community. There are also tailored phishing attempts for
online games where accounts can be worth over $100. They happen on platforms
including Blizzard, Steam, Epic, Riot and others.
Why do cybercriminals target gamers?
They can be a niche target when big things happen like major
game releases. Halo, World of Warcraft, Grand Theft Auto, and Call of Duty have
all been targets for scams. But PC gamers not running any antivirus solution other
than built-in or free protection are asking for trouble.
Either by game or gaming type, what tends to be the
biggest target for hackers?
The way most players are infected with actual malware and
not just giving up account info is by downloading game hacks. These are usually
aim bots or other ways to cheat at the game. In addition to making games less
fun for other players, they endanger the cybersecurity of the individuals doing
the cheating. Also, trying to download games for free on torrent sites is just
asking for trouble…or a trojan.
Any misconceptions about gaming security?
I’d say the biggest one is that all antiviruses today
will cause problems with gameplay. Many players imagine they’ll have issues
with latency, or their frame rate will drop off significantly, and that’s just
not true. While years ago this may have been the case with heavy installation
suites and large daily definition updates, many anti-viruses have changed
throughout the years to do all the heavy lifting in the cloud while still being
lightning fast and accurate with threats. The amount of CPU, RAM and bandwidth
usage of AVs while idle and during a scan are significantly lighter than they
used to be.
What can gamers do to improve online security?
As I mentioned, running an antivirus is essential. There are
lightweight options available that won’t impact gameplay. Also, I recommend enabling
two-factor authentication on all accounts for online games whenever possible to
reduce the risk of falling victim to a malicious hacker.
As a gamer yourself, anything else to consider or personal
best practice to share?
Trying to cheat or download premium games for free, especially
when prompted to by clickbait-type ads, will almost always lead to a scam or
malware. There’s no such thing as a free lunch.
Today’s work-from-home environment has
created an abundance of opportunities for offering new cybersecurity services in
addition to your existing business. With cyberattacks increasing in frequency
and sophistication, business owners and managers need protection now more than
ever.
MSPs are ideally positioned to deliver the
solutions businesses need in order to adapt to the current environment. In this
post, we’ll briefly summarize four ways to fine-tune your cybersecurity GTM
strategy for capitalizing on the shifting demands of today’s market.
1. Build an Offering That Aligns with Your Customer’s Level of Cyber Resilience
A cybersecurity GTM strategy is not a one-size-fits-all
proposition. Each customer has unique needs. Some operate with higher levels of
remote workers than others. Some may have more sensitive data than others. And some
will have lower tolerances to the financial impact of a data breach than others.
So, understand the current state of your customer’s ability to adequately
protect against, prevent, detect and respond to modern cyberthreats, and then
focus on what aspects of cybersecurity are important to them.
2. Leverage Multi-Layered Security
Today’s businesses need a cybersecurity
strategy that defends against the methods and vectors of attack employed by
today’s cybercriminals. This includes highly deceptive and effective tactics
like ransomware, phishing and business email compromise (BEC). These methods
require a layered approach, where each layer addresses a different vulnerability
within the larger network topology:
Perimeter – This is the
logical edge of your customer’s network where potentially malicious data may
enter or exit. Endpoints (wherever they reside), network connectivity points,
as well as email and web traffic all represent areas that may need to be secured.
User – The
employee plays a role when they interact with potentially malicious content. They
can either be an unwitting victim or actually play a role in stopping attacks.
This makes it necessary to address the user as part of your GTM strategy.
Endpoint – Consider
the entire range of networked devices, including corporate and personal
devices, laptops, tablets and mobile phones. Every endpoint needs to be
protected.
Identity – Ensuring
the person using a credential is the credential owner is another way to keep
customers secure.
Privilege – Limiting
elevated access to corporate resources helps reduce the threat surface.
Applications – These are
used to access information and valuable data. So, monitoring their use by those
with more sensitive access is critical.
Data – Inevitably,
it’s the data that is the target. Monitoring who accesses what provides
additional visibility into whether an environment is secure.
For each layer, there’s a specific tactic or
vector that can form the basis of an attack, as well as specific solutions that
address vulnerabilities at that layer.
3. Determine the Right Pricing Model
Pricing can make or break a managed service.
Too high and the customer is turned off. Too low and there’s not enough
perceived value. Pricing is the Goldilocks of the MSP world. It needs to be
just right.
Unlike most of your other services,
cybersecurity is a constantly moving target, which can make pricing a
challenge. After all, a predictable service offering equates to a profitable
one. The unpredictability of trying to keep your customers secure can therefore
impact profitability. So, it’s imperative that you get pricing correct. Your
pricing model needs to address a few things:
It needs to
be easy to understand – Like your other services, pricing should be straightforward.
It should demonstrate
value – The customer needs to see how the service justifies the expense.
It needs to
focus on protection – Because you have no ability to guess the scope and
frequency of attacks, it’s important to keep the services centered around
preventive measures.
Consider all
your costs – Cost is always a factor for profitability. As you
determine pricing, keep every cost factor in mind.
4. Rethink How You Engage Prospects
Assuming you’re going to be looking for new
customers with this service offering (in addition to selling it to existing
customers), it’s important to think about how to engage prospects. The days of
cold outreach are long gone as 90% of buyers don’t respond to cold calls. Instead,
today’s buyer is looking to establish connections with those they believe can
assist their business. Social media sites have become the primary vehicle for a
number of aspects of the buyer’s journey:
The biggest challenge with bringing a
cybersecurity service to market is meeting the expectations of the prospective
customer. Demonstrate value from the very first touch through social media engagement
and content. Meet their unique needs with comprehensive solutions that address all
their security vulnerabilities. And finally, make sure your pricing is simple,
straightforward and easy to understand.
Imagine a thief walks into
your home and rummages through your personal belongings. But instead of
stealing them, he locks all your valuables into a safe and forces you to pay a
ransom for the key to unlock the safe. What choice do you have?
Substitute your digital space
for your home and encryption for the safe and you have what’s known as
ransomware. Ransomware is a type of malware. After the initial infection, your
files are encrypted, and a note appears demanding payment, which is usually in
the form of cryptocurrency such as bitcoin because transactions can’t be
stopped or reversed. Once your files are encrypted, you can’t access them until
you pay the ransom.
The roots of ransomware can
be traced back to 1989. The virus, known as PC Cyborg, was spread through
diskettes given to attendees of a World Health Organization International AIDS
conference. Victims of PC Cyborg were to mail $189 to a P.O. box in Panama to restore
access to their data.
Historically, ransomware was
mass-distributed indiscriminately, so it was mostly personal machines
that ended up getting infected. Today, the big money is in attacking
businesses. Most of these infections go unreported because companies don’t want
to expose themselves to further attacks or reputational damage.
Criminals know the value of
business data and the cost of downtime. Because they service multiple SMB
customers simultaneously, managed service providers (MSPs) are now an
especially attractive target. A successful attack on an MSP magnifies the
impact of attacks and the value of the ransom.
Primary ransomware attack
vectors – with more detailed descriptions below – include:
Ninety percent of all
ransomware infections are delivered through email. The most common way to receive ransomware
from phishing is from a Microsoft Office attachment. Once it is opened, the victim is
asked to enable macros. This is the trick. If the user clicks to enable the
macro, then ransomware will be deployed to the machine. Phishing remains a
significant and persistent threat to businesses and individuals. The Webroot 2020 Threat Report showed a 640% increase in the number of active
phishing sites since 2019.
Cryptoworms
Cryptoworms are a form of
ransomware that is able to gain a foothold in an environment by moving laterally
throughout the network to infect all other computers for maximum reach and
impact. The most spectacular incarnation of a cryptoworm was WannaCry in 2017, where more than 200,000 computers were affected in 150 countries
causing hundreds of millions in damages.
Polymorphic malware
One of the more notorious
forms of ransomware circulating today is polymorphic malware, which makes small
changes to its signature for each payload dropped on a machine – effectively
making it a brand new, never before seen file. Its ability to morph into a new
signature enables it to evade many virus detection methodologies. Studies show
that 95% of malware is now unique to a single PC. This is largely due to the shape-shifting abilities
of polymorphic malware code. Today, nearly all ransomware is polymorphic,
making it more difficult to detect with signature-based antivirus
technologies.
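To make the signature problem concrete, here is an added illustration (not code from Webroot or the original post): a harmless constructed byte blob is altered in three places and padded, and an exact-hash lookup misses it while a simple content-similarity check still links it to the known file. The function names, the 0.8 threshold and the 4-byte shingle size are assumptions chosen for the example.

```python
import hashlib

def sha256_hex(data: bytes) -> str:
    """Exact-match 'signature': any single-byte change yields a new value."""
    return hashlib.sha256(data).hexdigest()

def shingles(data: bytes, n: int = 4) -> set:
    """Set of overlapping n-byte windows, a crude content fingerprint."""
    return {data[i:i + n] for i in range(len(data) - n + 1)}

def similarity(a: bytes, b: bytes) -> float:
    """Jaccard similarity of the two shingle sets, from 0.0 to 1.0."""
    sa, sb = shingles(a), shingles(b)
    if not sa or not sb:
        return 0.0
    return len(sa & sb) / len(sa | sb)

def constructed_blob(seed: bytes, size: int) -> bytes:
    """Deterministic filler bytes standing in for a file body (constructed data)."""
    out, block = b"", seed
    while len(out) < size:
        block = hashlib.sha256(block).digest()
        out += block
    return out[:size]

def mutate(data: bytes, offsets, padding: bytes) -> bytes:
    """Model 'small changes per payload': flip a few bytes and append padding."""
    buf = bytearray(data)
    for off in offsets:
        buf[off] ^= 0xFF  # XOR with 0xFF always changes the byte
    return bytes(buf) + padding

def classify(sample: bytes, known: dict, threshold: float = 0.8) -> str:
    """known maps SHA-256 hex -> body of a previously analysed file."""
    if sha256_hex(sample) in known:
        return "exact-match"
    if any(similarity(sample, body) >= threshold for body in known.values()):
        return "similar"
    return "unknown"

# Constructed inputs: a "known" file, a lightly altered copy, an unrelated file.
BASE = constructed_blob(b"known-sample", 4096)
VARIANT = mutate(BASE, offsets=(10, 2000, 4000), padding=b"\x00" * 16)
UNRELATED = constructed_blob(b"other-file", 4096)
KNOWN = {sha256_hex(BASE): BASE}

if __name__ == "__main__":
    for name, blob in (("base", BASE), ("variant", VARIANT), ("unrelated", UNRELATED)):
        print(name, sha256_hex(blob)[:16], classify(blob, KNOWN))
```

Byte-level similarity like this stops working once a payload is fully re-encrypted or repacked, which is why behavioural and cloud-based analysis are used alongside it.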
Ransomware as a Service (RaaS)
Ransomware has become so
lucrative and popular that it’s now available as a “starter kit” on the dark
web. This allows novice cybercriminals to build automated
campaigns. Many of these kits are available free of charge for the payload, but
criminals owe a cut (around
30% but this can vary based on how many people you infect)
to the author for a ransom payment using their payload. GandCrab, also known as
Sodinokibi, was perhaps the most famous to use this tactic.
Targeted attacks
Cybercriminals are moving
away from mass distribution in favor of highly focused, targeted attacks. These
attacks are typically carried out by using tools to automatically scan the
internet for weak IT systems. They are usually opportunistic, thanks to the
vulnerability scanners used. Targeted attacks often work by attacking computers
with open RDP ports. Common targets include businesses with lots of computers
but not a lot of IT staff or budget. This usually means education, government
municipality, and health sectors are the most vulnerable.
Stay cyber resilient with multi-layered defense
As you can see, ransomware authors
have a full quiver of options when it comes to launching attacks. The good news
is, there are as many solutions for defending systems against them. The best
way to secure your data and your business is to use a multi-layered cyber
resilience strategy, also known as defense in depth. This approach uses
multiple layers of security to protect the system. We encourage businesses of
all sizes to deploy a defense-in-depth strategy to secure business data from
ransomware and other common causes of data loss and downtime. Here’s what that
looks like.
Backup
Backup with point-in-time
restore gives you multiple recovery points to choose from. It lets you roll
back to a prior state before the ransomware virus began corrupting the system.
Advanced threat intelligence
Antivirus protection is still
the first line of defense. Threat intelligence, identification and mitigation in the form of antivirus is still
essential for preventing known threats from penetrating your system.
Security awareness training
Your biggest vulnerability is
your people. Employees need to be trained on how to spot suspicious emails and
what to do in case they suspect an email is malicious. According to our research, regular
user training can reduce malware clickthrough rates by 220%.
Patch and update applications
Cybercriminals are experts at
identifying and exploiting security vulnerabilities. Failing to install
necessary security patches and update to the latest version of applications and
operating systems can leave your system exposed to an attack.
Disable what you’re not using
Disable macros for most of
the organization as only a small percentage will need them. This can be done by
user or at the group policy level in the registry. Similarly, disabling scripts
like HTA, VBA, Java, and PowerShell will also stop these powerful tools that
criminals use to sneak infections into an environment.
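One way to check that the macro policy described above is actually in place, as an added example that is not part of the original post: the script parses a `.reg` export of the per-user Office policy key and flags applications where macros can still be enabled by the user. The key path and `vbawarnings` value meanings are the standard Office 2016+ policy settings (not taken from this page); the export text and the function names are constructed for illustration.

```python
import re

# Per-user Office policy key; "16.0" covers Office 2016 and later.
SECTION = re.compile(
    r"^\[HKEY_CURRENT_USER\\Software\\Policies\\Microsoft\\Office"
    r"\\16\.0\\(\w+)\\Security\]$",
    re.IGNORECASE,
)
DWORD = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')

VBA_WARNINGS = {
    1: "enable all macros",
    2: "disable with notification (user can click Enable Content)",
    3: "disable all except digitally signed macros",
    4: "disable all without notification",
}

def parse_policy(reg_text: str) -> dict:
    """Return {app: {value_name: int}} for each Office Security policy key."""
    policies, current = {}, None
    for raw in reg_text.splitlines():
        line = raw.strip()
        section = SECTION.match(line)
        if section:
            current = section.group(1).lower()
            policies.setdefault(current, {})
        elif line.startswith("["):
            current = None  # some other key: ignore its values
        else:
            value = DWORD.match(line)
            if value and current:
                policies[current][value.group(1).lower()] = int(value.group(2), 16)
    return policies

def audit_macros(reg_text: str, apps=("word", "excel", "powerpoint")) -> dict:
    """Classify each app's macro policy as ok, weak or not set."""
    policies = parse_policy(reg_text)
    findings = {}
    for app in apps:
        level = policies.get(app, {}).get("vbawarnings")
        if level is None:
            findings[app] = "not set: falls back to the user's Trust Center choice"
        elif level in (3, 4):
            findings[app] = "ok: " + VBA_WARNINGS[level]
        else:
            findings[app] = "weak: " + VBA_WARNINGS.get(level, "unrecognised value")
    return findings

# Constructed sample export: Word locked down, Excel prompt-only, PowerPoint absent.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Word\Security]
"vbawarnings"=dword:00000004

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\16.0\Excel\Security]
"vbawarnings"=dword:00000002
"""

if __name__ == "__main__":
    for app, finding in audit_macros(SAMPLE_EXPORT).items():
        print(f"{app:11s} {finding}")
```

A value of 2 is reported as weak because it leaves the "enable macros" prompt in front of the user, which is the step phishing attachments rely on.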
Ransomware mitigation
Make sure your IT staff and
employees know what to do when a ransomware virus penetrates your system. The
affected device should immediately be taken offline. If it’s a networked
device, the entire network should be taken down to prevent the spread of the
infection.
Thousands of Android Users Fall Victim to Giveaway Fraud
Upwards of 65,000
Android users were potentially compromised after installing a malicious app
promising free giveaways. Over the year the scam was in effect, roughly 5,000
apps were spoofed to lure victims into downloading in exchange for a phony
giveaway. In reality, the infection pushes silent background ads which generate
ad revenue for the scammers and decrease device performance.
North American Real Estate Firm Hit by Ransomware
A new ransomware variant known as DarkSide
claimed its first victim, Brookfield Residential, after operating for nearly two weeks. The
North American real estate developer recently noticed unauthorized access to
several systems and was left a ransom note stating that over 200GB of data had
been stolen. The data has since been published to DarkSide’s leak site, which
has prompted many to speculate the ransom was not paid by Brookfield
Residential.
Cryptominers Caught Using AI
Researchers have been at work creating an AI
algorithm to detect malicious cryptocurrency miners while avoiding
legitimate ones. The detection method compares currently running miners to
graphs of both legitimate and illegitimate miners and monitors changes between
the processes being used and the scheduling of mining activity. This type of
detection may be put to use to decrease the overall use of malicious code that
can often tax the system’s CPU usage to max capacity.
Los Angeles School District Suffers Cyber Attack
Just weeks after the FBI issued a warning about the threat
of cyberattacks against school districts, the Rialto
School District in California has fallen victim to just such an attack. These
setbacks have made the return to online schooling particularly difficult. The extent
of the attack remains unclear and officials are still working to determine the
effects on the 25,000 enrolled students.
Maze Ransomware Cartel Adds New Variant Team
The authors of the lesser-known ransomware variant SunCrypt
have recently joined forces with the Maze ransomware cartel. It’s believed the new
cartel members were brought in to assist with the high volume of attacks that
the Maze Group is handling and are being paid with a portion of its profits. In
addition to new revenue streams from its partnership with the organization, cartel
members also benefit from access to the Maze Group’s resources including
obfuscation techniques and posting cartel members’ stolen data to their dedicated
leak site.