The new Starbucks app makes it easy to treat your colleagues to coffee by sending a Starbucks eGift within Microsoft Teams this holiday season and beyond, plus new backgrounds from Starbucks to add holiday cheer to your meetings.
Microsoft 365 native app support for Apple Silicon Macs.
The post 4 ways Microsoft 365 is improving the experience for Mac users appeared first on Microsoft 365 Blog.
The cybersecurity industry and end-of-year predictions go together like Fall and football or champagne and the New Year. But on the heels of an unprecedented year, where a viral outbreak changed the landscape of the global workforce practically overnight, portending what’s in store for the year ahead is even trickier than usual.
One thing the cybersecurity experts at Webroot agree on is that work from home is here to stay for 2021, or at least it won’t recede to pre-pandemic levels even in the medium term. What is likely to change is how companies respond to their remote workforces. The security measures they take (or don’t), the educational opportunities they provide (or fail to) and their commitment to innovation (or lack thereof) will likely separate the winners from the losers in the year ahead.
Yes, cybersecurity for remote workforces will likely be a prevailing concern throughout 2021, even following positive news on the vaccine development front, according to Webroot experts. Another prevailing theme from the professionals here, when asked to make their annual predictions for the new year, is that a cybersecurity skills gap will continue to haunt businesses and pose opportunities for those looking to start their careers in the field or make the switch to it. As such, automation and the adoption of AI technologies will be critical to plugging the gap.
Read on for more details from leading engineers, security analysts and product specialists from around our organization for complete cybersecurity predictions for 2021. Take heart because, whatever happens, 2020 won’t be easily outdone (knock on wood).
On remote workforces and the problem of personal devices
David Dufour, VP of engineering, Carbonite + Webroot
In 2021, many businesses will continue to operate remotely as a result of the pandemic and there must be an emphasis on training employees on security best practices, how to identify modern threats such as phishing, and where company data is being accessed and stored. Phishing is going to remain one of the most prominent ways to attack users and will become more sophisticated as it’s tailored to take advantage of work-from-home setups and distractions.
Grayson Milbourne, security intelligence director, Carbonite + Webroot
The biggest change for 2021 will be securing remote workforces and remote perimeters, which include home networks and home devices, particularly personal devices. These all add their own challenges. Home networks and their configurations are diverse. Many use out-of-date routers with insecure settings. Personal devices are often used for work and, as we saw in our 2020 Threat Report, are twice as likely as business devices to encounter infections. If not addressed, this could have a serious impact on businesses in the coming year.
Hal Lonas, CTO and SVP of SMB engineering, Carbonite + Webroot
We shouldn’t overlook the incredible societal and behavioral changes underway right now. These put all of us in new situations we’ve never encountered before. These new contexts create new opportunities for social engineering attacks like phishing and scare tactics to get us to open emails and click on fraudulent links.
Tyler Moffitt, Sr. security analyst, Carbonite + Webroot
It really doesn’t matter the company or the length of the work-from-home stint, one thing that’s constant is that professionals at home are using their personal devices and personal network. Securing the remote perimeter is going to be the biggest challenge for cybersecurity professionals now through 2021 because laptops issued to a professional workforce are much more secure than personal devices.
Personal devices are twice as likely to be infected as business devices. Even more worrying, we saw with our new COVID-19 report that one-third of Americans will use personal devices when working from home. Businesses will need to account for that.
Jamie Zajac, VP of product management, Carbonite + Webroot
I predict that in 2021 vulnerable industries like hospitality, travel and retail will start to use even more remote access platforms like Square and others. This transfers a lot of control to a third party, so it’s essential companies make sure their data is protected on their end, that their vendors are trustworthy and that their reputation is safe from the damage an internal breach could cause.
On the cybersecurity skills shortage
Briana Butler, engineering services manager, Carbonite + Webroot
Moving forward, cybersecurity professionals will need greater data analysis skills to be able to look at large sets of data and synthesize the information so organizations can derive actionable value from it. In 2021, organizations need to start implementing programs to upskill their current cybersecurity workforce to focus on the skills they’ll need for the future such as analyzing complex data, developing algorithms, and understanding machine learning techniques.
David Dufour, VP of engineering, Carbonite + Webroot
The cyber skills gap will continue to be an issue in 2021 because companies continue to believe they understand cybersecurity and, as a result, tend to spend less on external cybersecurity resources. This leads to a feeling of false security and, unfortunately, inadequate security.
Cybersecurity requires a financial investment to truly meet an organization’s needs and to enact processes for securing systems. It’s much more effective to invest in a few, solid security processes and to address gaps at the outset than it is to implement an inexpensive, broad security solution that falls short in key areas.
Hal Lonas, CTO and SVP of SMB engineering, Carbonite + Webroot
The pandemic has also changed the game for managed service providers (MSPs). They’re used to running a thin-margin business, but this has become even more difficult as their small business customers struggle. MSPs are fortunately heavily automated, but now they are under increasing pressure to deliver more with less. MSPs more than ever need automated solutions that make it easy for them to manage, secure and restore customers when incidents do occur. Some of that automation will come from AI, but auto-remediation, backup and restore capabilities are also important.
Looking ahead to 2021
Whatever 2021 is, at least 2020 will be over, right? But in all seriousness, the virus does not respect our calendar transitions and its implications will certainly bleed over into the New Year. Much has been made of a supposed “new normal,” but to truly arrive there, companies must account for the new realities of pervasive remote work and an exacerbated cybersecurity skills shortage.
If there’s one takeaway from our experts’ predictions for 2021, it’s that.
The post Remote Work is Here to Stay, and Other Cybersecurity Predictions for 2021 appeared first on Webroot Blog.
Hackers, never at a loss for creative deception, have engineered new tactics for exploiting the weakest links in the cybersecurity chain: ourselves! Social engineering and business email compromise (BEC) are two related cyberattack vectors that rely on human error to bypass the technology defenses businesses deploy to deter malware.
Social Engineering is when hackers impersonate trusted associates or acquaintances to manipulate people into giving up their passwords, banking information, date of birth or anything else that could be used for identity theft. As it turns out, it’s easier to hack our trust than our computers. Social engineering covers a range of tactics:
- Email from a friend or family member – A hacker gets access to the email password of someone you know. From there, they can send you a malicious link in an email that you’re more likely to click on because it came from someone you trust.
- Compelling story (pretexting) – This includes urgently asking for help. This can read like, “Your friend is in danger and they need your help immediately – please send me money right away so they can get treatment!”
- Standard phishing tactics – Phishing techniques include website spoofing and emails appearing to come from an official source asking you to reset your password or confirm personal data. After clicking the link and entering the info, your security is compromised.
- “You’re a winner” notifications – Whether a lottery prize or a free trip to Cancun, this tactic catches many off guard. It’s known as “greed phishing” and it takes advantage of our fondness for pleasure or weakness for the word “free.”
Business Email Compromise
Business email compromise is a targeted attack against corporate personnel, usually someone with the authority to request or fulfill a financial transaction. Victims execute seemingly routine wire transfers to criminals impersonating legitimate business associates or vendors.
This form of fraud relies on a contrived pretext to request a payment or purchase be made on the attacker’s behalf. According to the FBI, BEC attacks resulted in more than $26 billion in losses (you read that right) between June 2016 and July 2019. Here are a few tips for protecting users and businesses from BEC attacks:
- Slow down – BEC attacks combine context and familiarity (an email from your boss) with a sense of urgency (I need this done now!). This causes victims to lose their critical thinking capabilities.
- Don’t trust, verify – Never use the same channel, in this case email, to verify the identity of the requester. Pick up the phone and call, or use video chat.
- Prepare for the inevitable – Use all the technology at your disposal to ensure a BEC attack doesn’t succeed. Machine learning-enabled endpoint security solutions can help identify malicious sites.
- Address the weakest link – Train users to spot BEC attacks. Webroot testing shows that phishing simulations can improve users’ abilities to spot attacks.
Perfecting Your Posture
Webroot Security Intelligence Director Grayson Milbourne offers several suggestions for how companies can improve their security posture. First, he says, “Whenever money is going to be sent somewhere, you should have a two-factor verification process to ensure you’re sending the money to the right person and the right accounts.”
Milbourne is also a big advocate of security awareness training. “You can really understand the security topology of your business with respect to your users’ risk factors,” he says. “So, the engineering team might score one way and the IT department might score another way. This gives you better visibility into which groups within your company are more susceptible to clicking on links in emails that they shouldn’t be clicking.”
With the increase in scams related to the global COVID-19 pandemic, timely and relevant user education is especially critical. “COVID obviously has been a hot topic so far this year, and in the last quarter we added close to 20 new templates from different COVID-related scams we see out in the wild,” Milbourne says.
“When we look at first-time deployment of security awareness training, north of 40% of people are clicking on links,” Milbourne says. “Then, after going through security awareness training a couple of times, we see that number dip below 10%.”
Where to learn more
Our newest research on phishing attacks and user (over)confidence, “COVID-19 Clicks: How Phishing Capitalized on a Global Crisis,” is out now. Check it out!
Cybercrime surpasses $1 Trillion in global costs
A recent study has put the global cost of cybercrime at over $1 trillion for 2020. This figure is up significantly from 2018, which was calculated at around $600 billion. And while most effects are financial, roughly 92% of affected organizations cited by the study reported additional issues stemming from cyberattacks. Over half took no measures to prevent or recover from common types of attack.
Major hosting provider affected by cyberattack
The worldwide hosting service provider Netgain was forced to take many of its servers and data centers offline following a recent ransomware incident. The attack occurred just before Thanksgiving and continues to cause intermittent outages for customers as the company works to restore their systems. Due to the volume of systems Netgain provides services for, they remain unsure how long customers will be inconvenienced by the fallout from this attack.
Default passwords compromising radiology equipment
Researchers have discovered that GE has implemented default passwords that can be easily found online across a wide range of medical equipment. These passwords, used by technicians to perform routine maintenance, could also be used illicitly to take control of the machines or cause them to malfunction. Users are unable to change these credentials on their own and require a certified GE tech to make on-site adjustments. While GE has stated it does not believe any unauthorized access has been identified, the critical nature of these machines makes this a high-priority vulnerability.
Educational technology still lacking proper security
An alarming number of schools and educational institutions switching to remote learning have made no changes to their security policies or implemented any cybersecurity training for staff and/or students. Additionally, nearly 40 percent of the schools surveyed weren’t even able to provide devices for their employees or students to work remotely during the pandemic, though 70 percent had switched their regular communications to video conferencing services.
Payment card skimmers hiding in CSS
Camouflaging payment card skimmers in the CSS of compromised e-commerce sites is the latest evasion tactic being used by cybercriminals. The skimmer is run by the Magecart group, which is known for successfully evading detection software and innovating to boost longevity on compromised systems. The embedded script launches during the checkout process by redirecting the customer to a new page where it begins stealing information entered into a form.
The post Cyber News Rundown: Global Cybercrime Costs Surpass $1 Trillion appeared first on Webroot Blog.