PC PORTAL

Experienced. Trusted. Solutions.

Business + Partners

By

Cloud Services in the Crosshairs of Cybercrime

Reading Time: ~3 min.

It’s a familiar story in tech: new technologies and shifting preferences raise new security challenges. One of the most pressing challenges today involves monitoring and securing all of the applications and data currently undergoing a mass migration to public and private cloud platforms.

Malicious actors are motivated to compromise and control cloud-hosted resources because they can gain access to significant computing power through this attack vector. These resources can then be exploited for a number of criminal money-making schemes, including cryptomining, DDoS extortion, ransomware and phishing campaigns, spam relay, and for issuing botnet command-and-control instructions. For these reasons—and because so much critical and sensitive data is migrating to cloud platforms—it’s essential that talented and well-resourced security teams focus their efforts on cloud security.

The cybersecurity risks associated with cloud infrastructure generally mirror the risks that have been facing businesses online for years: malware, phishing, etc. A common misconception is that compromised cloud services have a less severe impact than more traditional, on-premise compromises. That misunderstanding leads some administrators and operations teams to cut corners when it comes to the security of their cloud infrastructure. In other cases, there is a naïve belief that cloud hosting providers will provide the necessary security for their cloud-hosted services.

Although many of the leading cloud service providers are beginning to build more comprehensive and advanced security offerings into their platforms (often as extra-cost options), cloud-hosted services still require the same level of risk management, ongoing monitoring, upgrades, backups, and maintenance as traditional infrastructure. For example, in a cloud environment, egress filtering is often neglected. But, when egress filtering is invested in, it can foil a number of attacks on its own, particularly when combined with a proven web classification and reputation service. The same is true of management access controls, two-factor authentication, patch management, backups, and SOC monitoring. Web application firewalls, backed by commercial-grade IP reputation services, are another often overlooked layer of protection for cloud services.

Many midsize and large enterprises are starting to look to the cloud for new wide-area network (WAN) options. Again, here lies a great opportunity to enhance the security of your WAN, whilst also achieving the scalability, flexibility, and cost-saving outcomes that are often the primary goals of such projects.  When selecting these types of solutions, it’s important to look at the integrated security options offered by vendors.

Haste makes waste

Another danger of the cloud is the ease and speed of deployment. This can lead to rapidly prototyped solutions being brought into service without adequate oversight from security teams. It can also lead to complacency, as the knowledge that a compromised host can be replaced in seconds may lead some to invest less in upfront protection. But it’s critical that all infrastructure components are properly protected and maintained because attacks are now so highly automated that significant damage can be done in a very short period of time. This applies both to the target of the attack itself and in the form of collateral damage, as the compromised servers are used to stage further attacks.

Finally, the utilitarian value of the cloud is also what leads to its higher risk exposure, since users are focused on a particular outcome (e.g. storage) and processing of large volumes of data at high speeds. Their solutions-based focus may not accommodate a comprehensive end-to-end security strategy well. The dynamic pressures of business must be supported by newer and more dynamic approaches to security that ensure the speed of deployment for applications can be matched by automated SecOps deployments and engagements.

Time for action

If you haven’t recently had a review of how you are securing your resources in the cloud, perhaps now is a good time. Consider what’s allowed in and out of all your infrastructure and how you retake control. Ensure that the solutions you are considering have integrated, actionable threat intelligence for another layer of defense in this dynamic threat environment.

Have a question about the next steps for securing your cloud infrastructure? Drop a comment below or reach out to me on Twitter at @zerobiscuit.

The post Cloud Services in the Crosshairs of Cybercrime appeared first on Webroot Blog.

By

Why Simplified Security Awareness Training Matters for MSPs and SMBs

Reading Time: ~3 min.

In a recent report by the firm 451 Research, 62% of SMBs reported having a security awareness training program in place for their employees, with half being “homegrown” training courses. The report also found that most complained their programs were difficult to implement, track, and manage.

Like those weights in the garage you’ve been meaning to lift or the foreign language textbook you’ve been meaning to study, even our most well-intentioned efforts flounder if we’re not willing to put to use the tools that can help us achieve our goals.

So it goes with cybersecurity training. If it’s cumbersome to deploy and manage, or isn’t able to clearly display its benefits, it will be cast aside like so many barbells and Spanish-language dictionaries. But unfortunately, until now, centralized management and streamlined workflows across client sites have eluded the security awareness training industry.

The Importance of Effective Security Awareness Training

The effectiveness of end user cybersecurity training in preventing data breaches and downtime has been demonstrated repeatedly. Webroot’s own research found security awareness training cut clicks on phishing links by 70 percent, when delivered with regularity. And according to the 2018 Data Breach Investigation Report by Verizon, 93 percent of all breaches were the result of social engineering attacks like phishing.

With the average cost of a breach at around $3.62 million, low-overhead and effective solutions should be in high demand. But while 76 percent of MSPs reported using some type of security awareness tool, many still rely on in-house solutions that are siloed from the rest of their cybersecurity monitoring and reporting.

“MSPs should consider security awareness training from vendors with cybersecurity focus and expertise, and who have deep visibility and insights into the changing threat landscape,” says 451 Research Senior Analyst Aaron Sherrill.

“Ideally, training should be integrated into the overall security services delivery platform to provide a unified and cohesive approach for greater efficacy.”

Simple Security Training is Effective Security Training

Security awareness training that integrates with other cybersecurity solutions—like DNS and endpoint protection—is a good first step in making sure the material isn’t brushed aside like other implements of our best intentions.

Global management of security awareness training—the ability to initiate, monitor, and report on the effectiveness of these programs from a single pane of glass across all of your customers —is the next.

When MSPs can save time by say, rolling out a simulated phishing campaign or training course to one, many or allclient’s sites across the globe with only a few clicks, they both save time and money in management overhead, and are more likely to offer it as a service to their clients. Everyone wins.

With a console that delivers intuitive monitoring of click-through rates for phishing campaigns or completion rates for courses like compliance training, across all client sites, management is simplified. And easily exportable phishing and campaign reports help drive home a client’s progress.

“Automation and orchestration are the force multipliers MSPs need to keep up with today’s threats and provide the best service possible to their clients,” says Webroot SVP of Product Strategy and Technology Alliances Chad Bacher.”

So as a growing number of MSPs begin to offer security awareness training as a part of their bundled services, and more small and medium-sized businesses are convinced of its necessity, choosing a product that’s easy to implement and manage becomes key.

Otherwise, the tool that could save a business from a breach becomes just another cob-webbed weight bench waiting for its day.

To learn about security training that’s effective, efficient, and easy to use, read about our new Webroot® Security Awareness Training release.

The post Why Simplified Security Awareness Training Matters for MSPs and SMBs appeared first on Webroot Blog.

By

A Cybersecurity Checklist for Modern SMBs

Reading Time: ~5 min.

The landscape of digital security is rapidly shifting, and even the largest tech giants are scrambling to keep up with new data regulations and cybersecurity threats. Small to medium-sized businesses (SMBs) are often left out of these important conversations, leaving themselves — and their users — vulnerable. In an effort to combat this trend, Webroot conducted a survey of more than 500 SMB IT leaders in the UK, revealing common blind spots in SMB cybersecurity practices. As businesses around the globe grapple with similar change, our Size Does Matter: Small Businesses and Cybersecurity report offers insight and guidance for companies regardless of geography. 

The biggest takeaway? We turned to Webroot’s Senior Director of Product Strategy Paul Barnes for his thoughts.

“The damage from data loss or downtime often means substantial financial and reputational losses, sometimes even leading to a business no longer being viable. A key learning for all small businesses should be to stop hiding behind your size. Instead, become educated in the risks and make your security posture a differentiator and business driver.”

When you’re putting together a cybersecurity checklist, you’ll need to do one thing first: check your preconceived notions about SMB cybersecurity at the door. Your business is not too small to be targeted. The data you collect is both valuable and likely vulnerable, and a costly data breach could shutter your business. More than 70% of cyberattacks target small businesses, with 60% of those going out of business within six months following their breach. With both the threat of hackers and the looming possibility of increased GDPR-style data regulatory fines, your small business cannot afford to be underprepared.

The first step to a fully realized cybersecurity program? An unflinching look at your company’s resources and risk factors.

“Understand what you have, from a technology and people perspective, and the risks associated with loss of data or operations, whether through externally initiated attacks or inside threats,” advised Barnes. “This will allow you to plan and prioritise next steps for protecting your business from attack.”

For established SMBs, this type of internal review may seem overwhelming; with so many employees already wearing so many hats, who should champion this type of effort? Any small business that is preparing to modernize its cybersecurity protocols should consider bringing in a managed service provider (MSP) to do an internal audit of its systems and to report on the company’s weaknesses and strengths. This audit should serve as the backbone of your cybersecurity reform efforts and — depending on the MSP — may even give you a security certificate that can be used for marketing purposes to differentiate your brand from competitors.

With a strong understanding of your company’s strengths and weaknesses, you can begin to implement an actionable cybersecurity checklist that will scale as you grow, keeping your business ahead of the data security curve. Each SMB’s checklist will be unique, but these best practices will be integrated into any successful cybersecurity strategy.

Continuous Education on the Latest Threats

A majority of small to medium-sized businesses rely on software systems that are constantly evolving, closing old security gaps while potentially opening new ones. With a tech landscape in constant flux, one-off security training will never be enough to truly protect your business. Comprehensive employee training that evolves alongside cybersecurity threats and data privacy regulations are your company’s first line of cybersecurity defense. Include phishing prevention practices in these trainings as well. Although seemingly old hat, phishing attacks are also evolving and remain one of the largest causes of data breaches globally. Continuous training of employees helps build a culture of security where they feel part of the team and its success. 

Regular Risk Assessment and Security Audits

Just as one-off training is not sufficient in keeping your staff informed, a one-off audit does nothing to continuously protect your company as it grows. Depending on your industry, these audits should take place at least annually, and are the best way to detect a security flaw before it is exploited. Factors such as the sensitivity of the data your business houses, and the likely impacts of a successful breach—your risk profile—should guide decisions regarding the frequency of these security audits.

Disaster Response Plan

Having a prepared disaster response plan is the most effective way to mitigate your losses during a data security breach. Backup and recovery tactics are critical components of this plan. It should also include a list of security consultants to contact in order to repair the breach, as well as a communications plan that notifies customers, staff, and the public in accordance with data protection regulations. An MSP can work with your company to provide a disaster response plan that is customized to your business’ specific needs.

Bring Your Own Device

Never scrimp on mobile security. Many companies now tolerate some degree of bring-your-own-device (BYOD) policy, giving employees increased convenience and employer accessibility. But convenience is a compromise and, whether it be from everyday theft or a malicious app, mobile devices are a weak point in many company’s security. Including mobile security guidelines like automatic device lock requirements, strong password guidelines, and failsafe remote wipe access in your BYOD policies will save your company money, time, and heartache.

Layer Your Security

Finally, ensure your business has multiple layers of defense in place. Accounting for endpoint devices is no less critical than it’s always been, but businesses are increasingly learning that networks and users need protection, too. DNS-layer security can keep employees from inviting risky sites onto your network, and security awareness training will help your users recognize signs of an attack. No one solution is a panacea, but tiered defenses make a business more resilient against cybercrime.

Survey says: We don’t have time for this

One of the largest impediments to SMBs adopting these modern cybersecurity protocols is the perceived time cost, with two-fifths of IT leaders surveyed by Webroot stating they simply do not have the time or resources to fully understand cybersecurity threats. The uncomfortable truth is that, if you can’t find the time to protect your data, a hacker whodoes have the time is likely to find and exploit your security gaps. But there is a silver-lining, the smaller size of an SMB actually allows for a certain level of agility and adaptiveness when implementing cybersecurity policies that is inaccessible to tech giants.

“SMBs can no longer consider themselves too small to be targets. They need to use their nimble size to their advantage by quickly identifying risks and educating employees on risk mitigation, because people will always be the first line of defense,” said Barnes.

You’ll find additional benefits beyond the base-level protection a comprehensive cybersecurity plan provides. As 33% of SMBs surveyed by Webroot say they prefer not to think about cybersecurity at all, demonstrating that your company is ahead of the problem can be a powerful way to distinguish your business from its competitors. With consumer data privacy concerns at an all-time high, a modern cybersecurity checklist may be one of the best marketing tools available. The best way to stay ahead of cybersecurity threats is to stay informed. Read the entire Size Does Matter: Small Businesses and Cybersecurity report for an in-depth look at how your SMB contemporaries are handling data protection, and stay up-to-date with Webroot for additional cybersecurity reports and resources.

The post A Cybersecurity Checklist for Modern SMBs appeared first on Webroot Blog.

By

MSPs: Your Security Vendor Should Integrate with More Than Just Your RMM and PSA

Reading Time: ~2 min.

For many MSPs, integrating their security solution with their remote monitoring and management (RMM) and professional service automation (PSA) platforms is essential for doing business. Together, these platforms help lower the cost of keeping up with each client, ensuring profitable margins for a healthy, growing business.

For true providers of IT services—MSPs that sell services rather than licenses and take a holistic approach to client IT health—RMM and PSA integrations are critical for keeping track of hundreds or even thousands of unique endpoints and automating recurring operations for numerous clients.

Like many of the other features of our security solutions, our RMM and PSA integrations are custom-built with the needs of MSPs in mind. They’re designed to help MSPs create the most efficient, well-oiled versions of their businesses possible so that service is prompt, solutions are effective, and profit is preserved.   

Here’s what you should expect from your RMM and PSA security integrations:

  1. Faster rollouts- One of the core benefits of RMM-assisted deployments, expect rollouts to new endpoints to be fast and hassle-free with well-designed integrations. New endpoints should be easy to set up with protection turned on in just a few clicks.
  2. Simplified management- Efficiency is key to profitability. So a centralized dashboard displaying what’s running, what’s broken and how, infection statuses, endpoints requiring attention, and more helps increase the number of endpoints a single technician can manage, boosting efficiency and, ultimately, profitability. 
  3. The data you need- The best RMM and PSA integrations make it possible to get the data you need to run a successful business. Whether it’s per-client data for calculating a client’s cost to you, information on policy settings for sites and endpoints, or additional reporting delivered to clients to promote peace-of-mind, having access to allof your data empowers decision-making. 

Integrations don’t have to end there

Integrating disparate products can be a laborious, time-intensive process. For that reason, many security vendors are reluctant to coordinate too closely with customers to automate functions unique to their businesses. But it doesn’t have to be that way. 

Advanced plugins and tools allow for complete customization of dashboards, reporting, and data tracking. Each can be customized to track the metrics most useful to the organization. Critical processes, like issuing periodic reports, can be fully automated. This can be extremely beneficial when it comes to communicating with customers. Weekly or monthly reports demonstrate that, despite a lack of any major security incidents, it wasn’t for lack of trying on the part of cybercriminals. 

More than simply allowing different business platforms to talk to one another, integration plugins can be used for running commands and performing actions. This includes creating, modifying, or deleting licenses, removing duplicate endpoints, or quickly creating new console sites. 

Insist on better integrations

So when considering which cybersecurity vendor offers the most for your MSP, consider not only whether the solution allows you to communicate with your RMM and PSA platforms, but also how deeply. Does the vendor have a dedicated integrations team? Do they offer tools for the customization of business-specific reporting? Can essential, recurring business processes be automated?

The answers to the questions above will help you determine how much value RMM and PSA integrations add for your business. In a market where margins can be razor thin and built-in efficiencies can make or break the bottom line, the answers may make all the difference.

The post MSPs: Your Security Vendor Should Integrate with More Than Just Your RMM and PSA appeared first on Webroot Blog.

By

What’s Next? Webroot’s 2019 Cybersecurity Predictions

Reading Time: ~4 min.

At Webroot, we stay ahead of cybersecurity trends in order to keep our customers up-to-date and secure. As the end of the year approaches, our team of experts has gathered their top cybersecurity predictions for 2019. What threats and changes should you brace for?

General Data Protection Regulation Penalties

“A large US-based tech company will get hammered by the new GDPR fines.” – Megan Shields, Webroot Associate General Counsel

When the General Data Protection Regulation (GDPR) became law in the EU last May, many businesses scrambled to implement the required privacy protections. In anticipation of this challenge for businesses, it seemed as though the Data Protection Authorities (the governing organizations overseeing GDPR compliance) were giving them time to adjust to the new regulations. However, it appears that time has passed. European Data Protection Supervisor Giovanni Buttarelli spoke with Reuters in October and said the time for issuing penalizations is near. With GDPR privacy protection responsibilities now incumbent upon large tech companies with millions—if not billions—of users, as well as small to medium-sized businesses, noncompliance could mean huge penalties.

GDPR fines will depend on the specifics of each infringement, but companies could face damages of up to 4% of their worldwide annual turnover, or up to 20 million Euros, whichever is greater. For example, if the GDPR had been in place during the 2013 Yahoo breach affecting 3 billion users, Yahoo could have faced anywhere from $80 million to $160 million in fines. It’s also important to note that Buttarelli specifically mentions the potential for bans on processing personal data, at Data Protection Authorities’ discretion, which would effectively suspend a company’s data flows inside the EU.

AI Disruption

“Further adoption of AI leading to automation of professions involving low social intelligence and creativity. It will also give birth to more advanced social engineering attacks.” – Paul Barnes, Webroot Sr. Director of Product Strategy

The Fouth Industrial Revolution is here and the markets are beginning to feel it. Machine learning algorithms and applied artificial intelligence programs are already infiltrating and disrupting top industries. Several of the largest financial institutions in the world have integrated artificial intelligence into aspects of their businesses. Often these programs use natural language processing—giving them the ability to handle customer-facing roles more easily—to boost productivity.

From a risk perspective, new voice manipulation techniques and face mapping technologies, in conjunction with other AI disciplines, will usher in a new dawn of social engineering that could be used in advanced spear-phishing attacks to influence political campaigns or even policy makers directly.

Ransomware is Out, Cryptojacking is In

We’ll see a continued decline in commodity ransomware prevalence. While ransomware won’t disappear, endpoint solutions are better geared to defend against suspicious ransom-esque actions and, as such, malware authors will turn to either more targeted attacks or more subtle cryptocurrency mining alternatives.” – Eric Klonowski, Webroot Principal Threat Research Analyst

Although we’re unlikely to see the true death of ransomware, it does seem to be in decline. This is due in large part to the success of cryptocurrency and the overwhelming demand for the large amounts of computing power required for cryptomining. Hackers have seized upon this as a less risky alternative to ransomware, leading to the emergence of cryptojacking.

Cryptojacking is the now too-common practice of injecting software into an unsuspecting system and using its latent processing power to mine for cryptocurrencies. This resource theft drags systems down, but is often stealthy enough to go undetected. We are beginning to feel the pinch of cryptojacking in critical systems, with a cryptomining operation recently being discovered on the network of a water utility system in Europe. This trend is on track to continue into the New Year, with detected attacks increasing by 141% in the first half of 2018 alone.

Targeted Attacks

“Attacks will become more targeted. In 2018, ransomware took a back seat to cryptominers and banking Trojans to an extent, and we will continue see more targeted and calculated extortion of victims, as seen with the Dridex group. The balance between cryptominers and ransomware is dependent upon the price of cryptocurrency (most notably Bitcoin), but the money-making model of cryptominers favors its continued use.” – Jason Davison, Webroot Advanced Threat Research Analyst

The prominence of cryptojacking in cybercrime circles means that, when ransomware appears in the headlines, it will be for calculated, highly-targeted attacks. Cybercriminas are now researching systems ahead of time, often through backdoor access, enabling them to encrypt their ransomware against the specific antivirus applications put in place to detect it.

Government bodies and healthcare systems are prime candidates for targeted attacks, since they handle sensitive data from large swaths of the population. These attacks often have costs far beyond the ransom itself. The City of Atlanta is currently dealing with $17 million in post-breach costs. (Their perpetrators asked for $51,000 in Bitcoin, which the city refused to pay.)

The private sector won’t be spared from targeting, either. A recent Dharma Bip ransomware attack on a brewery involved attackers posting the brewery’s job listing on an international hiring website and submitting a resume attachment with a powerful ransomware payload.

Zero Day Vulnerabilities

“Because the cost of exploitation has risen so dramatically over the course of the last decade, we’ll continue to see a drop in the use of zero days in the wild (as well as associated private exploit leaks). Without a doubt, state actors will continue to hoard these for use on the highest-value targets, but expect to see a stop in Shadowbrokers-esqueoccurrences. Leaks probably served as a powerful wake-up call internally with regards to access to these utilities (or perhaps where they’re left behind). – Eric Klonowski, Webroot Principal Threat Research Analyst

Though the cost of effective, zero-day exploits is rising and demand for these exploits has never been higher, we predict a decrease in high-profile breaches. Invariably, as large software systems become more adept at preventing exploitation, the amount of expertise required to identify valuable software vulnerabilities increases with it. Between organizations like the Zero Day Initiative working to keep these flaws out of the hands of hackers and governmental bodies and intelligence agencies stockpiling security flaws for cyber warfare purposes, we are likely to see fewer zero day exploits in the coming year.

However, with the average time between the initial private discovery and the public disclosure of a zero day vulnerability being about 6.9 years, we may just need to wait before we hear about it.

The take-home? Pay attention, stay focused, and keep an eye on this space for up-to-the-minute information about cybersecurity issues as they arise.

The post What’s Next? Webroot’s 2019 Cybersecurity Predictions appeared first on Webroot Blog.