by Kyle Fiehler | Jun 16, 2020 | Managed Service Providers
As these times stress the bottom lines of businesses and
SMBs alike, many are looking to cut costs wherever possible. The problem for
business owners and MSPs is that cybercriminals are not reducing their budgets
apace. On the contrary, the rise in COVID-related scams has
been noticeable.
It’s simply no time to cut corners in terms of
cybersecurity. But there is hope. Cybersecurity, traditionally suffering from a
lack of qualified and experienced professionals, can be a source of savings for
businesses. How? Through the automation and efficiency that artificial intelligence
(AI) and machine learning can offer.
AI & ML in Today’s Cybersecurity Landscape
By way of background, Webroot has been collecting IT
decision makers’ opinions on the utility of AI and machine learning for years
now. Results have been…interesting. We’ve seen a steady rise in adoption not
necessarily accompanied by an increase in understanding.
For instance, during a 2017 survey of IT decision makers in
the United States and Japan, we discovered that approximately 74 percent of
businesses were already using some form of AI or ML to protect their
organizations from cyber threats. In 2018, 74 percent planned even further
investments.
And by 2019, of 800 IT cybersecurity decision makers
across the globe, a whopping 96 percent reported using AI/ML
tools in their cybersecurity programs. But, astonishingly, nearly seven out of
ten (68%) of them agreed that, although their tools claim to use AI/ML, they
aren’t sure what that means.
Read the full report: “Do AI and Machine Learning Make a Difference in Cybersecurity?”
So, are these tools really essential to securing the cyber
resilience of small businesses? Or are they unnecessary luxuries in an age of
tightening budgets?
AI and ML in the Age of Covid-19
Do AI and ML have something unique to offer businesses—SMBs
and MSPs alike—in this age of global pandemic and remote workforces?
We put this topical question to one of the
most qualified individuals on the planet to answer it: literal rocket
scientist, BrightCloud founder, and architect behind the AI/ML engine known as
the Webroot Platform, Hal Lonas.
Can AI and machine learning tools help people do their
jobs more effectively now that they’re so often remote?
Put directly, the Carbonite and Webroot CTO and senior VP’s
response was bullish.
“AI and machine learning tools can absolutely help
people do their jobs more effectively now more than ever,” said Lonas.
“Security professionals are always in short supply, and now possibly
unavailable or distracted with other pressing concerns. Businesses are facing
unprecedented demands on their networks and people, so any automation is
welcome and beneficial.”
In machine learning, a subset of AI, algorithms self-learn and improve their findings
and results without being explicitly programmed to do so. This means a business
deploying AI/ML is improving its threat-fighting capabilities without
allocating additional resources to the task, something that should excite
cash-strapped businesses navigating tough economic realities.
Our AI/ML report backs up Lonas’s assertion that these
technologies make a welcome addition to most business security stacks. In fact,
94 percent of respondents in our survey reported believing that AI/ML tools
make them feel more comfortable in their role.
“People who use good AI/ML tools should feel more
comfortable in their role and job,” he asserts. “Automation takes
care of the easy problems, giving them time to think strategically and look out
for problems that only humans can solve. In fact, well-implemented tools allow
security workers to train them to become smarter—in effect providing the ‘learning’
part of machine learning. Each new thing the machine learns makes it more
capable.”
AI/ML adopters also reported:
- An increase in automated tasks (39%)
- An increase in effectiveness at their job/role (38%)
- A decrease in human error (37%)
- Strongly agreeing that the use of AI/ML makes them feel more confident in
performing their roles as cybersecurity professionals (50%)
So despite some confusion about the role these technologies
play in cybersecurity (which
we think vendors could help demystify for their clients), their effects are
clearly felt. And because cybercriminals
are willing to adopt AI/ML for advanced attacks, they may force the hands
of SMBs and MSPs that want to keep up in the cybersecurity arms race.
Given today’s limited budgets, dispersed workforces, and increasingly
sophisticated attacks, the time may never be better to empower professionals to
do more with less by automating defenses and freeing them to think about
big-picture cybersecurity.
by Connor Madsen | Jun 12, 2020 | Industry Intel
Nintendo Accounts Breached
Following a cyber-attack back in April, Nintendo
has just announced that roughly 300,000 user accounts have been compromised,
though most belong to systems that are now inoperable. Judging by the excessive
unauthorized purchases, the attackers likely used credential-stuffing methods
to access accounts and make digital purchases through PayPal accounts that were
already logged in. Nintendo has since contacted the affected customers and has
begun pushing out mandatory password resets.
Kingminer Botnet Locks Down Entry Points Behind Them
After nearly two years of operation, the owners of the Kingminer
cryptojacking botnet have taken up a new tactic of patching the very
vulnerabilities they used to illicitly access systems. This tactic is
likely being used to block any other malicious campaigns from accessing the
compromised systems and to net the owners larger profits. By using the EternalBlue
exploit and patching it behind themselves, they can brute force their way into
any vulnerable system and then keep their own crypto mining scripts active
for an increased amount of time before being discovered.
Honda Shuts Plants After Ransomware Attack
Several Honda
plants around the world have recently closed due to a ransomware attack that
has targeted several manufacturing systems. The shutdown came only hours after
a new Snake ransomware sample was uploaded to VirusTotal and was seen
attempting to contact an internal site belonging to Honda. Currently, officials
for Honda are still working to determine exactly what parts of their systems
were affected and if any personally identifiable information was compromised.
Scammers Created Fake SpaceX YouTube Channels to Steal Cryptocurrency
Multiple malicious YouTube accounts have changed their names
to keywords relating to SpaceX
in order to scam viewers out of Bitcoin cryptocurrency donations. While it
should be obvious that these channels are not the legitimate SpaceX account
based solely on the number of subscribers, the fake channels have also been
livestreaming old recorded SpaceX interviews with Elon Musk, to improve their
legitimacy. Unfortunately, during the livestreams, the channels promote
cryptocurrency scams in the chat section to entice other viewers to send in a
small amount of cryptocurrency with the promise of a significant amount more
being sent back.
Florence, Alabama Pays Ransom Demand
In the last week, officials for Florence,
Alabama have been working to negotiate with the authors of the DoppelPaymer
ransomware attack that took down the city’s email systems. Though the initial
ransom amount was 38 Bitcoins, or the equivalent of $378,000, the security team
that was brought in was able to drop the demand to 30 Bitcoins, or $291,000,
which the city has decided to pay. Although it is still unclear exactly what information
may have been stolen or accessed, the Mayor of Florence concluded that it was
best to just pay the ransom and hope their information is returned and their
systems are decrypted.
by Kyle Fiehler | Jun 9, 2020 | Managed Service Providers
Nestled within our chapter on malware in the 2020 Webroot Threat Report is a comparison of infection rates between business and personal devices. The finding that personal devices are about twice as likely as business devices to become infected was always significant, if not surprising.
But the advent of the novel coronavirus—a development that followed the publication of the report—has greatly increased the importance of that stat.
According to a joint study
by MIT, Stanford, and the National Bureau of Economic Research (NBER), more
than a third (34%) of Americans transitioned to working from home as a result
of COVID-19. They join approximately 14.6% of workers already working from home
to bring the total to nearly half the entire American workforce.
During remote work many employees are forced or simply able
to use personal devices for business-related activities. This presents unique
security concerns according to Webroot threat analyst Tyler Moffitt.
“In a business setting,” he says, “when
you’re given a corporate laptop it comes pre-configured based on what the IT
resource considers best practices for cybersecurity. This often includes group
policies, mandatory update settings, data backup, endpoint security, a VPN, et
cetera.”
Individuals, on the other hand, have much more freedom when
it comes to device security. They can choose to put off updates to browser
applications like Java, Adobe, and Silverlight, which often patch exploits that
can push malvertising.
They can opt to not install an antivirus solution or use a free version. They
can ignore the importance of backing up data altogether.
These risky practices threaten small and medium-sized
businesses (SMBs) both immediately and when workers gradually return to their
shared office spaces as the virus abates.
As our report notes, “With a higher prevalence of
malware and generally fewer security defenses in place, it’s easier for malware
to slip into the corporate network via an employee’s personal device.”
What’s at stake, for SMBs, is the loss of mission-critical
business data due to device damage, data theft via phishing and ransomware, and
GDPR and CCPA fines for data breaches. Any of these threats on their own could
be existential for SMBs.
What can businesses do to prevent BYOD-enabled data loss?
“Super small
businesses may not have the luxury of outlawing all use of personal devices,”
says Moffitt. “BYOD is a fact of life now, especially with so many individuals at
home, using home computers.”
But employers aren’t
out of luck entirely. They can still purchase for their employees, and
encourage the use of, several essential security tools. These include:
- Endpoint security software – Employers should provide endpoint security for home devices when necessary. When it comes to free solutions, you get what you pay for in terms of protection. Currently, there’s the expectation, especially among younger people, that built-in antivirus solutions are enough for blocking advanced threats. In reality, layered security is essential.
- Backup and recovery software – Many SMBs rely on online shared drives for collaborating. This is dangerous because a single successful phishing attack can unlock all the data belonging to a company. GDPR and CCPA fines don’t differentiate between data stolen from personal or business devices, so this level of risk is untenable. Make sure data is backed up off-site and encrypted.
- A VPN – IT admins or contractors should ensure that any sensitive company data requires a secure VPN connection. Especially with employees connecting on public or unsecure networks, it’s important to guard against snooping for data in transit.
- Secure RDPs – Remote access can be a great option when working from home, but it must be done securely. Too often unsecured RDP ports are the source of attacks. But, when encrypted and protected by two-factor authentication, they can be used to access secure environments from afar. Many remote access solutions are even free for fewer than five computers.
- User education – Security awareness training is one of the most cost-effective ways of protecting employees from attack on their own devices. Phishing attacks can be simulated, and users in need of additional training can be given it at very little additional cost. When compared to a data breach, the cost of a few licenses for security training is minuscule.
Collaboration over coercion
It’s difficult to mandate
security solutions on personal devices, but managers need to at least have this
conversation. Short of installing “tattleware,” this has to be a collaborative rather than a coercive effort.
“You can’t enforce a
group policy on a computer or a network that you don’t own,” reminds Moffitt.
“Ideally, yes, give each employee a corporate laptop to work at home that’s
securely configured. But if that’s not possible, work with employees to ensure
the right steps are taken to secure corporate data.”
Companies should
work with IT consultants to source high-performing versions of the solutions
mentioned above and cover their cost if it’s understood that personal devices
should be used during this period of working from home. Handled well,
this can be an opportunity to foster a culture of cyber resilience, and your organization will come out
stronger, wherever your employees are located.
by Connor Madsen | Jun 5, 2020 | Industry Intel
TrickBot Silently Targets Servers
Knowing that many domain controller servers are rarely
shut down or rebooted, the authors of TrickBot
have made some changes to allow the infection to run from memory. While this
can be detrimental to the payload, as a reboot could easily remove it, the
stealth approach could let the infection cause major havoc on systems that
aren’t routinely restarted. Though TrickBot is normally dropped as a secondary
infection from Emotet, it’s taken this new stealth approach to move across
networks more easily.
Steganography Makes Leaps into Industrial Cyberattacks
Researchers have been following a new trend of incorporating
multiple levels of steganography
into cyber attacks focused mainly on large industries. The attacks are tailored
to each victim, including a language localization script that only executes if
the local OS is in the right language, and use macros to launch hidden malicious
PowerShell scripts that require no additional input. The scripts, when
executed, communicate with imgur.com or other image hosting sites to grab
pictures with malicious code hidden in the pixels, which eventually drops an
encrypting payload.
Flaw in Apple Sign-in Nets Bounty Hunter $100,000
An authentication flaw has been discovered within the Apple sign-in feature for third-party sites that could
allow an attacker to forge fake accounts if the victim hadn’t chosen their own
email address to be identified. If a victim chooses not to do so, Apple creates
a unique email ID that is used to create a JSON web token (JWT) to sign in the
user. This token could easily be forged alongside the email ID to gain unlimited
access to any account. The researcher who found the bug and reported it to the
Apple Security Bounty Program was rewarded with $100,000.
Ransomware Authors Begin Data Auction
The authors behind several prominent ransomware campaigns,
including Sodinokibi and REvil, have begun an auction
for stolen data on their dark web site. Currently, there are two auctions
active on the site, one with data belonging to an unnamed food distributor and
the other with accounting and financial information for an unnamed crop
production company from Canada. The auctions have starting prices of $55,000, along
with fees to be paid in Monero cryptocurrency because of its anonymity and ease
of direct payment from victims.
San Francisco Employee Retirement Database Compromised
A vendor conducting a test on a database belonging to the
San Francisco Employee Retirement Systems (SFERS)
recently noticed some unauthorized access to the database containing records on
74,000 members. Though the database didn’t contain Social Security Numbers, it did
contain a trove of personally identifiable information including names,
addresses, and birthdates. Fortunately, the database was using old data for the
test and had nothing newer than 2018. Nevertheless, SFERS officials are offering
credit and identity monitoring services for affected victims.
by Connor Madsen | Jun 3, 2020 | Industry Intel
Bank of America Breach Reveals PPP Information
After processing over 300,000 Paycheck Protection Program
applications, Bank
of America has revealed that a data breach occurred within the U.S. Small
Business Administration’s program that allowed all other SBA-authorized lenders
to view highly sensitive data. The data includes tax information and social
security numbers relating to both businesses and their owners and could have
extremely devastating effects in the wrong hands. Fortunately, the SBA secured
the compromised data within a day of being notified and Bank of America has
reached out to affected customers offering two years of identity theft
protection.
Bank of Costa Rica Suffers Data Breach
Threat actors working for the Maze group recently claimed to
have data belonging to millions of Bank
of Costa Rica customer accounts, a claim that was quickly refuted by the
bank itself. Within a week, Maze began publishing proof of their bounty and
promised to continue posting records if the bank fails to improve their current
security. Maze also claimed to have accessed the bank’s systems on multiple
occasions to determine if security had improved but chose not to encrypt their
systems as the second breach occurred during the COVID-19 pandemic.
Old LiveJournal Breach Data Re-emerges
Researchers have been looking into a recent data dump that
appears to have originated from the 2014 LiveJournal
breach and contains over 33 million records up to 2017. It is hard to precisely
date the breach, as LiveJournal is a Russian-owned journaling service and never
reported it, though many LiveJournal users were targeted in a past spam
extortion email campaign. More recently, users of Dreamwidth, which shares the
LiveJournal codebase, have seen reports of compromised accounts.
Turla Hackers Grabbing Antivirus Logs to Check for Detection
One of the largest state-sponsored hacker groups, Turla,
has turned their attention to accessing antivirus logs on infected systems to
determine if their malicious activity has been discovered. With the use of
ComRAT V1 (and later versions), Turla has been gaining highly sensitive
information from major national organizations for over a decade and continues
to improve on their methods. By viewing the logs created by local antivirus
software, the attackers can adjust more quickly to avoid future detections.
New COVID-19 Tracker Drops [F]Unicorn Ransomware
The latest to capitalize on the public’s pandemic fears, a
new fake COVID-19 tracing app has been targeting systems in Italy by dropping a
new ransomware variant dubbed [F]Unicorn.
The malicious payload comes disguised as a file from the Italian Pharmacist
Federation. It then directs the victim to a beta version of the
yet-to-be-released Immuni tracing app, showing a fake tracing dashboard as the
encryption process begins. The ransomware demands a 300-Euro payment but displays
an invalid email address, so users would be unable to prove payment to the
attackers even if they choose to pay.
by Kyle Fiehler | Jun 2, 2020 | SMBs
Working from home is no longer something some of us can get
away with some of the time. It’s become essential for our health and safety. So,
what does the future of work look like in a post-COVID
world?
We asked some of our cybersecurity and tech experts for their
insights, which we’ll be presenting in a series entitled The Future of Work. In
this installment, we’ll cover the qualities that will separate companies able
to make smooth transitions to new ways of working from those that can’t. Plus,
we’ll examine the effects the pandemic and our response to it have on workplace
culture.
What are hallmarks of organizations that will successfully navigate our new workplace realities?
The COVID-19 crisis has forced employers to more fully
consider the broader humanity of their employees. With parents becoming
teachers and caretakers for ill, often elderly loved ones, greater levels of
empathy are required of management. Now, with a lagging world economy and even
experts unsure of what
shape the current recession will take, financial stress will likely be
added to the long list of anxieties facing the modern workforce.
As remote work continues to be a norm in industries like
tech, boundaries between home and work life will continue to be murky. This,
says Webroot product marketing manager George Anderson, presents opportunities
for effective leaders to stand out from their peers.
“Leadership matters now more than ever,” says
Anderson, “and being truthful matters even more. Your staff is worried,
and platitudes won’t help. They need real communication based on real facts
explaining why a company is making certain decisions. Being empathetic, sharing
in employee concerns, involving and demonstrating how you value your staff—whether
at executive or managerial level—will impact loyalty, dedication, and future
business performance.”
Forbes
notes that a more empathetic work culture is a silver lining arising from the
pandemic that won’t be easily undone. We now know not just our coworkers’
personalities, but also their home office setups, their pets, children, and
even their bookshelves. That fuller understanding of the person behind the
position will hopefully lead to an enduring human-centric shift in the
workplace.
Long-term, how will office culture change? What policies should change once everyone is physically back at work?
Relatedly, office cultures are likely to change in
irreversible ways. Even as we return to physical offices, large events like
company all-hands meetings may be attended virtually from personal workspaces,
and large team lunches may become rarities. Companies may even choose to
alternate days in and out of the office to keep the overall office population
lower.
“People will become more comfortable with video
calling, screen sharing, and online collaboration,” predicts Anderson,
“even between colleagues present in the same office. Boundaries will
become blurred and we will find new ways to stay in touch and maintain our
human connections by leveraging advanced collaboration solutions in new but
secure ways.”
Personal hygiene will also undoubtedly become a bigger aspect of physical office culture. In its guidelines for safely returning to work, the CDC recommends installing a workplace coordinator charged with implementing hygiene best practices office wide. Suggested measures include increasing the number of hand sanitizing stations available to workers, relaxing sick leave policies to discourage ill workers from coming to the office, modernizing ventilation systems, and even daily temperature checks upon entering the building.
“Some of these hygiene measures will be single events, not
the future of office work,” notes Anderson. “Others will have more long-term
impacts on the way we work together.”
Given the visible impact some measures will have around the
office, it will be impossible for them to not affect culture. Because routines
like temperature checks may be considered intrusive, it’s important the
reasoning behind them be communicated clearly and often. Stressing a culture of
cleanliness as a means of keeping all workers healthy and safe can enforce a
common bond.
Cybersecurity remains imperative
Cyber resilience isn’t the only aspect of overall business
resilience being tested by COVID-19, but it’s a significant one. The cyber
threats facing today’s remote workforces differ in key ways from those faced in
the past, so it’s important companies reevaluate their cyber defense strategies.
To do our part to help, we’re extending free
trials on select business products to 60 days for a limited time. Visit our free
trials page or contact
us for more information.
by Tyler Moffitt | May 26, 2020 | Business + Partners, Managed Service Providers, SMBs
Our 2020 Threat Report
shows increasing risks for businesses and consumers still running Windows 7, which
stopped receiving updates, support and patches earlier this year. This creates security gaps
that hackers are all too eager to exploit. In fact, according to the report, malware
targeting Windows 7 increased by 125%. And 10% of consumers and 25% of business
PCs are still using it.
Webroot Security Analyst Tyler
Moffitt points out that a violation due to a data breach could cost a business $50
per customer per record. “For one Excel spreadsheet with 100 lines of records,
that would be $50,000.” Compare that with the cost of a new workstation that
comes pre-installed with Windows 10 at around $500, and you quickly realize the
cost savings that come with offloading your historic OS.
Windows 10 also has the added
advantage of running automatic updates, which reduces the likelihood of
neglecting software patches and security updates. Continuing to run Windows 7
effectively more than doubles the risk of getting malware because hackers scan
for old environments to find vulnerable targets. Making matters worse, malware
will often move laterally like a worm until it finds a Windows 7 machine to
easily infect. And in a time when scams
are on the rise, this simple OS switch will ensure you’re not the weakest
link.
While businesses are most vulnerable
to Windows 7 exploits, consumers can hardly breathe easy. Of all the infections
tracked in the 2020 Threat Report, the majority (62%) were on consumer devices.
This does, however, create an additional risk for businesses that allow workers
to connect personal devices to the corporate network. While employees work from
home in greater numbers due to COVID-19, this particular security risk will remain
even higher than pre-pandemic levels.
Layers are key
As Moffitt points out, no solution
is 100% safe, so layering
solutions helps to ensure your cyber resilience is strong. But there is one
precaution that is particularly helpful in closing security gaps. And that’s
security awareness training. “Ninety-five percent of all infections are the
result of user error,” Moffitt says. “That means users clicking on something
they shouldn’t, thus infecting their computer or worse, an entire network.”
Consistent training – 11 or more courses or phishing simulations over a four-
to six-month period – can significantly reduce the rate at which users click on
phishing simulations.
Also, by running simulations, “you
get to find out how good your employees are at spotting scams,” Moffitt says.
“If you keep doing them, users will get better and they will increase their
efficacy as time goes on.”
The best way to close any gaps in
protection you may have is to deploy a multi-layered cyber
resilience strategy, also known as defense-in-depth. The first layer is
perimeter security that leverages cloud-based threat intelligence to identify advanced,
polymorphic attacks. But since cyber resilience is also about getting systems
restored after an attack, it’s also important to have backups that enable you
to roll back the clock on a malware infection.
With so many people working from
home amid the global coronavirus pandemic, it’s increasingly critical to ensure
cyber resilient home environments in addition to business systems. Find out
what major threats should be on your radar by reading our complete 2020 Threat Report.
by Grayson Milbourne | May 19, 2020 | Business + Partners, SMBs
There’s a
pretty common misconception among small and medium-sized businesses
(SMBs) that hackers only target large organizations. Unfortunately, this belief
couldn’t be further from the truth. In fact, according to the most recent
Verizon Data Breach Investigations Report, more than 70%
of cyberattacks target small businesses. Additionally, many attacks are now
shifting to target managed service providers (MSPs), specifically because
breaching an MSP can give hackers access to their entire SMB customer base.
Why are hackers targeting SMBs?
Simply put, it’s easy money. First, the smaller the business is, the less likely it is to
have adequate cyber defenses. Moreover, even larger SMBs typically don’t have
the budgets or resources for dedicated security teams or state-of-the-art
intrusion prevention. On top of that, smaller businesses often lack measures
like strong security policies and cybersecurity education
programs for end users, so common vulnerabilities like poorly trained users, weak
passwords, lax email security, and out-of-date applications make SMBs prime
targets.
What’s more:
some hackers specialize in breaching specific business types or industries,
refining their expertise with each new attack.
Which business types are in the cross hairs?
Realistically
speaking, the majority of businesses face similar amounts of risk. However,
some industries do tend to be targeted more often, such as finance or
healthcare. Here are some of the business types that are currently topping
hacking hit lists.
Managed Service Providers
MSPs hold a lot of valuable data for
multiple customers across industries, which makes them desirable targets. Hackers
use a technique known as “island hopping”, in which they jump from one business
to another via stolen login credentials. MSPs and their SMB customers are both
potential targets of these attacks.
Healthcare Organizations
Hospitals, physical therapy offices,
pediatricians, chiropractors, and other healthcare practices are easy targets
for cybercrime because they can have such chaotic day-to-day operations, and
because they often lack solid security practices. In addition, medical data and
research can be extremely valuable. Patient records alone can sell for up
to $1,000 or more on the dark web.
Government Agencies
There are many reasons that
cybercriminals, particularly nation-state terrorists, might target local and
national governments. In particular, small governments and local agencies
generate troves of sensitive information, while large governments can be
victims of nationwide disruption, either for financial gain or sheer
destruction.
Financial Institutions
You probably aren’t surprised by this
list item. Banks, credit unions, and other financial institutions have long
been targets for hackers due to a wealth of data and money. Only a few years
ago in 2018, over
25% of all malware attacks targeted banks, more than any other
industry. More recently, automation has further enabled cybercriminals to run
advanced attacks on financial institutions at scale.
Celebrities, Politicians, and High-Profile Brands
Hacktivists, who are usually
politically, economically, or socially motivated, like to seek out politicians,
celebrities, and other prominent organizations as targets. They may even
attempt to embarrass public figures or businesses by stealing and disseminating
sensitive, proprietary, or classified data to cause public disruption, or for
private financial gain via blackmail.
What are your next steps?
The only real
requirement for becoming a hacking target is having something that hackers
want, which means all businesses are at risk. Luckily, a few relatively
straightforward tips can go a long way in keeping your business secure.
Think Like a Hacker
Cybersecurity awareness training with phishing
simulations is a vital component of an effective protection strategy. In fact,
Webroot’s own research found that regular training over just 4-6 months reduced
clicks on phishing links by
65%. Understanding hacker practices and motivations can help you predict
potential threats and thwart attacks.
Lock Down Your Business First
The right security layers can protect you from
threats on all sides. If you haven’t already, check out our free Lockdown
Lessons, which include a variety of guides, podcasts, and webinars designed
to help MSPs and businesses stay safe from cybercrime.
Embrace Comprehensive Cyber Resilience
Being resilient in the face of cybercrime doesn’t
just mean having powerful, automated endpoint threat detection in place. It
also means having security layers that can protect your business and clients
front and back. That includes layers like security awareness training, as well
as network protection and strong backup and disaster recovery services. The
best defense is prevention, and by preventing attacks and planning your
recovery proactively, you’ll be ready to bounce back right away at the first
sign of trouble.
Hackers have
diverse means and motives, so it’s up to you to know their methods and prepare
your business and customers to block advanced threats.
To get
started on the road to cyber resilience, you can learn more about Webroot®
Business Endpoint Protection or take a free trial here.
by Cathy Yang | May 13, 2020 | SMBs
If you’ve
been working in the technology space for any length of time, you’ve undoubtedly
heard about the rising importance of artificial intelligence (AI) and machine
learning (ML). But what can these tools really do for you? More
specifically, what kinds of benefits do they offer for cybersecurity and
business operations?
If you’re
not so sure, you’re not alone. As it turns out, although 96% of global IT
decision-makers have adopted AI/ML-based cybersecurity tools, nearly 7 in 10 admit
they’re not sure what these technologies do.
We surveyed 800 global IT decision-makers across the U.S., U.K., Japan, and Australia/New Zealand about their thoughts on AI and ML in cybersecurity. The report highlighted a number of interesting (and contradictory) findings, all of which indicated a general confusion about these tools and whether or not they make a difference for the businesses who use them. Additionally, nearly 3 out of 4 respondents (74%) agreed that, as long as their protection keeps them safe from cybercriminals, they really don’t care if it uses AI/ML.
Here’s a
recap of key findings based on responses from all 4 regions.
- 91% say they understand and research their
security tools, and specifically look for ones that use AI/ML.
- Yet 68% say that, although their tools claim to
use AI/ML, they aren’t sure what that means.
- 84% think their business has all it needs to
successfully stop AI/ML-based cyberattacks.
- But 86% believe they could be doing more to
prevent cyberattacks.
- 72% say it is very important that cybersecurity
advertising mention the use of AI/ML.
- However, 70% of respondents believe cybersecurity
vendors’ marketing is intentionally deceptive about their AI/ML-based services.
AI and ML matter because automation matters
As we’ve
all had to adjust to “the new normal”, IT professionals have had to tackle a
variety of challenges. Not only have they had to figure out how to support a
massive shift to working from home, but they also have to deal with the
onslaught of opportunistic online scams
and other cyberattacks that have surged amidst the chaos around COVID-19.
With all
of us working to adapt to these new working conditions, it’s become clear that tools
that enable automation and productivity are pretty important. That’s where I
want to highlight AI and ML. In addition to how AI/ML-based cybersecurity can
drastically accelerate threat detection—and even predict shifts and emerging
threat sources—these technologies can also make your workforce more efficient,
more effective, and more confident.
While
many of our survey respondents weren’t sure if AI/ML benefits their
cybersecurity strategy, a solid percentage saw notable improvements in workforce
efficiency after implementing these tools. Let’s go over those numbers.
- 42% reported an increase in worker productivity
- 39% saw increases in automated tasks
- 39% felt they had more time for training,
learning new skills, and other tasks
- 38% felt more effective in their jobs
- 37% reported a decrease in human error
As
you can see, the benefits of AI and ML aren’t just hype, and they extend well
beyond the cybersecurity gains. Real numbers around productivity, automation, time
savings, and efficacy are pretty compelling at the best of times, let alone
when we’re dealing with sudden and drastic shifts to the ways we conduct
business. That’s why I can’t stress the importance of these technologies
enough—not only in your security strategy, but across your entire toolset.
Where to learn more
Ultimately,
AI and ML-based tools can help businesses of all sizes become more resilient
against cyberattacks—not to mention increase automation and operational
efficiencies—but it’s important to understand them better to fully reap the
benefits they offer.
While
there’s clearly still a lot of confusion about what these tools do, I think
we’re going to see a continuation of the upward trend in AI/ML adoption. That’s
why it’s important that IT decision-makers have the resources to educate
themselves about the best ways to implement these tools, and also look to
vendors who have the historical knowledge and expertise in the space to guide
them.
“Realistically,
we can’t expect to stop sophisticated attacks if more than half of IT decision
makers don’t understand AI/ML-based cybersecurity tools. We need to do better.
That means more training and more emphasis not only on our tools and their
capabilities, but also on our teams’ ability to use them to their best
advantage.”
– Hal Lonas, SVP and CTO for SMB and Consumer at OpenText.
For
further details about how businesses around the world are using AI and ML,
their plans for cybersecurity spending, and use cases, download a copy of the full
AI/ML report.
And
if you still aren’t sure about AI/ML-based cybersecurity, I encourage you to
read our white paper, Demystifying AI in Cybersecurity, to gain
a better understanding of the technology, myth vs. reality, and how it benefits
the cybersecurity industry.
by Connor Madsen | May 12, 2020 | Industry Intel
Adult Website Leaks Trove of Sensitive Data
A recently discovered unsecured database belonging to the
adult streaming site Cam4
was found to contain nearly 11 billion unique records amounting to seven terabytes
of data. For a site with billions of visitors each year, the exposed data could
affect millions who have visited the site since March 16 of this year, and could
be used to further harm individuals whose connection to the site could be
politically or socially sensitive. While the database was quickly taken
offline, an analysis of the data showed that, though much of the data belonged
to U.S. citizens, millions of others were from South America and Europe.
Hundreds of COVID-19 Scam Sites Taken Down by HMRC
Her Majesty’s Revenue & Customs (HMRC)
has recently taken down nearly 300 COVID-related scam sites and domains. Hackers
are opportunistic and have taken to preying on people who are trying to get information
on the current pandemic but instead find themselves victims of financial scams
and phishing attempts. Fortunately, many organizations have taken up the cause
of identifying and removing these harmful sites.
Nearly One Million WordPress Sites Under Attack
At least 24,000 unique IP addresses have been identified in
a series of ongoing attacks targeting vulnerabilities in more than 900,000 WordPress
sites. Many vulnerabilities have been patched in recent months, but some sites
have yet to update their plugins and remain at risk. The attacks inject malicious
scripts into website headers when the WordPress user is logged in. Otherwise,
the victim is redirected to a malicious advertisement in hopes of
gaining some profitable information.
Tokopedia Breach Leaves 91 Million User Records Up for Grabs
Over 91 million user records belonging to Tokopedia,
a major Indonesian e-commerce firm, were recently found for sale on the dark web.
The sale offered records for 15 million individuals, likely stolen during a
security incident in March, for $5,000. With millions of users and merchants
using the site regularly, the company has issued a notice for users to change passwords
as it investigates the breach.
Ransomware Demanding More as Corporations Continue to Pay Out
In recent fiscal quarters, the earnings for Sodinokibi and Ryuk ransomware have been rising steadily as SMBs and corporations are increasingly paying ransoms for data. Over the first quarter of 2020, the average ransom payout hovered around $111,000. A year prior, the average neared only $12,000 for large companies, which are typically very willing to pay for the quick return of their data in order to limit the amount of downtime an attack may cause. The top-earning ransomware variants, Ryuk and Sodinokibi, have both shifted their focus from service providers to carefully targeted large corporations and have even pushed ransom demands over $1 million in some instances.