News
Protect all your servers, from on-prem to multi-cloud, Windows to Linux, all fully integrated within Sophos Central.
As customers transition server workloads from on-prem to cloud hosts, containers, or serverless environments, they need their environments to be tough, hard to compromise, and quick to recover.
To achieve that, they need a single integrated security platform that unifies their cloud security and provides visibility of their complete estate.
With the shared security model (AWS, Azure), customers are responsible for securing their instances, applications, and data.
Sophos helps customers achieve this by providing a unified cloud security platform based on four key pillars:
- Secure access – Protect credentials and securely access services
- Protect workloads – Detect, query, and secure hybrid cloud workloads
- Secure the network – Cloud network security and automated threat response
- Integrate with DevOps – Enable customers to embed security into development processes
Introducing Sophos Cloud Native Security
Sophos Cloud Native Security addresses the requirements of protecting workloads, providing comprehensive security coverage across environments, workloads, and identities. It gives customers comprehensive, centralized visibility, prioritized detections, and faster incident response time.
The Sophos Cloud Native Security bundle is a single SKU that includes Sophos Intercept X Advanced for Server with XDR and Sophos Cloud Optix Advanced to provide:
- Visibility, governance, entitlements management, and compliance across single and multi-cloud environments, including Amazon Web Services, Microsoft Azure, and Google Cloud Platform, as well as traditional on-prem monitoring.
- Protection and detection for infrastructure and data today and as it evolves in the future, with flexible host and container workload security for Windows and Linux
- Increased agility and collaboration across the organization, with cloud environment security posture alerts integrated with popular SIEM, collaboration, workflow, and DevOps tools.
A customer’s security team can manage Cloud Native Security themselves, or have it managed by the Sophos Managed Threat Response service to fast-track their cyber resilience against today’s security incidents.
Cloud Native Security and the new Cloud Native Firewall solution, which will be in preview (EAP) soon, are integrated with the Sophos XDR platform. The Cloud Native Firewall will support IPS, WAF rules, micro-segmentation, and Admission Control and be deployable from native Kubernetes, AWS EKS, and Azure AKS.
Cloud Native Security is available today. Learn more at Sophos.com/Cloud.
Source: Sophos
Trust is a dangerous word in IT, especially when that trust is granted without much consideration: when it’s implied, or when it’s never questioned.
Creating a sealed-off perimeter where everything and everyone within the network is fully trusted has proven to be a flawed design. Yet, that’s how many networks are still implemented today.
Anyone with access to the network, either physically or via VPN, has broad access to everything on that network regardless of who they are, or what state their device is in.
There’s got to be a better way, right? Well, there is. It’s called zero trust… or trust nothing, verify everything… continuously.
With zero trust, nothing is implicitly trusted. Trust has to be earned – constantly. Zero trust is a very simple and elegant way of micro-segmenting the network so that only users who prove their identity and have compliant devices can access only very specific resources – and NOT the whole network. This has tremendous benefits for security.
Watch this short 3-minute video to learn more about why zero trust is so important:
Sophos ZTNA
Sophos ZTNA utilizes the principles of zero trust to provide workers with secure access to the networked applications, data, and systems they need to do their jobs… no matter where they’re located.
It’s just a better way of providing network access for remote workers, with greatly enhanced security, easier management, and a much more transparent end-user experience compared to old-school VPN.
And it’s the only ZTNA solution that’s tightly integrated with next-gen endpoint protection for a single-agent, single-console, single-vendor solution for all your remote workers’ protection and connectivity needs.
Check it out at Sophos.com/ZTNA
Source: Sophos
Sophos ZTNA has received Frost & Sullivan’s prestigious Global New Product Innovation Award in the zero trust network access industry. Frost & Sullivan applies a rigorous analytical process to evaluate multiple vendors for each award category before determining the final award recipient.
We are very honored that Sophos ZTNA was awarded this distinction based on alignment with needs, value, and customer experience.
Frost & Sullivan praised our focus on listening to market needs, keeping what is often considered an intimidating new technology simple to understand and easy to adopt. They also praised us for addressing the top complaints about existing solutions on the market.
They noted that we are uniquely positioned to provide a compelling integrated ZTNA and next-gen endpoint solution, something other vendors are unable to offer.
They acknowledged the significant benefits this type of integrated solution enables, such as Synchronized Security to share device health, a single agent deployment, and a single management console, along with a very elegant and simple licensing scheme.
Frost & Sullivan concluded that Sophos ZTNA matches customer needs for simplification in every aspect, ranging from design to purchase and service experience by integrating our ZTNA solution into our broader ecosystem of cybersecurity products, all managed from a single cloud console – Sophos Central.
“Sophos has designed an innovative ZTNA solution… With its strong overall performance, Sophos earns Frost & Sullivan’s 2022 Global New Product Innovation Award in the zero trust network access industry”
Download the full Frost & Sullivan Award Report and check Sophos.com/ZTNA for more information.
Source: Sophos
Sophos Firewall OS v19 MR1 brings a number of additional enhancements and fixes to what is already one of our best firewall updates ever.
Sophos Firewall OS v19 was released just a few months ago, and has already been adopted by a huge number of partners and customers.
They’ve upgraded to take advantage of the many Xstream SD-WAN and VPN enhancements. This latest update, v19 MR1, brings a number of additional enhancements and fixes to what is already one of our best firewall updates ever.
VPN and SD-WAN enhancements
- SSLVPN remote access – static IP lease support to enable mapping of remote users with static IP addresses to improve user traceability, monitoring and visibility. This also includes static IP leases with an external Radius server.
- IPsec VPN enhancements – includes default IPsec site-to-site IKEv2 policies for improved head office to branch office tunnels, eliminating manual fine tuning of the re-key interval, dead peer detection (DPD) action, and key negotiation. Defaults were also updated to prevent flapping of UDP connections (VoIP, Skype, RDP, Zoom, etc.). In addition, “vpn conn-remove-tunnel-up” is now disabled and “vpn conn-remove-on-failover” enabled for new configurations (existing deployments are not affected).
- SD-RED – now supports multiple DHCP servers for RED interfaces
- SD-WAN Profiles – The Rule-ID and index column are added on the SD-WAN profile management page for easier troubleshooting
Other enhancements
- Anti-malware engine – anti-malware engines and associated components were upgraded to full 64-bit operation to provide optimal performance and future support. Note that the secondary malware scan engine, Avira, will no longer provide detection updates for the 32-bit version after December 31, 2022. Anyone using Avira will need to upgrade to v19 MR1 or v18.5 MR5 (to be released soon) before the end of the year or switch to just using the Sophos engine.
- Synchronized Security – improved Sophos Central Firewall Management resilience in environments with thousands of endpoint certificates being used for Synchronized Security Heartbeat.
- Email – added an option to report a spam email as a false positive from the quarantine release screen
- Sophos Assistant – added an option to opt-out of the Sophos Assistant
- Additional fixes – over 50 additional performance, stability, and security fixes and enhancements are also included
See the release notes for full details.
Important licensing change for future firmware updates
As covered in this recent community blog post, SFOS v19 MR1 introduces a support requirement for firmware upgrades which will come into effect for customers without a valid support subscription after they’ve used an initial free upgrade allocation.
To summarize:
- No change for customers with a valid support subscription (about 80% of customers)
- Future action will be required by the remaining 20% who do not have a support subscription, but also no immediate change
How to get it
This release will follow our regular Firewall firmware release process and timeline.
Source: Sophos
Can you believe it? Cobalt Strike is 10 years old! Think back to the summer of 2012. The Olympics were taking place in London. CERN announced the discovery of a new particle. The Mars Rover, Curiosity, successfully landed on the red planet. And despite the numerous eschatological claims of the world ending by December, Raphael Mudge diligently worked to create and debut a solution unique to the cybersecurity market.
Raphael designed Cobalt Strike as a big brother to Armitage, his original project that served as a graphical cyber-attack management tool for Metasploit. Cobalt Strike quickly took off as an advanced adversary emulation tool ideal for post-exploitation exercises by Red Teams.
Flash forward to 2022 and not only is the world still turning, Cobalt Strike continues to mature, having become a favorite tool of top cybersecurity experts. The Cobalt Strike team has also grown accordingly, with more members than ever working on research activities to further add features, enhance security, and fulfill customer requests. With version 4.7 nearly ready, we’re eager to show you what we’ve been working on.
However, we’d be remiss not to take a moment to pause and thank the Cobalt Strike user community for all you’ve done to contribute over the years to help this solution evolve. But how could we best show our appreciation? A glitter unicorn card talking about “celebrating the journey”? A flash mob dance to Hall & Oates’ “You Make My Dreams Come True”? Hire a plane to write “With users like you, we’ve Cobalt Struck gold!” It turns out that it is very difficult to express gratitude in a non-cheesy way, but we’ve tried our best with the following video:
Source: HelpSystems
TLS is a popular Internet security protocol designed to establish secure communications that provides both privacy and data security. TLS was first developed by the Internet Engineering Task Force (IETF) with the first version being published in 1999.
TLS was created from another encryption protocol called Secure Sockets Layer, or SSL. Since both protocols are so closely related, you may hear others use SSL and TLS interchangeably to describe secure communications over the Internet.
Ports 587, 2525, and 465 are commonly used to establish secure connections, but which you use varies based on whether you’re using IMAP or POP3 to access emails from your server. Your system administrator can also set specific ports for encryption on mail servers and other applications.
What is STARTTLS?
STARTTLS is a protocol command by which an email client tells the server that it wishes to upgrade an insecure (plaintext) connection to a secure one. STARTTLS takes the existing insecure connection and secures it with TLS. Having this option enabled on your mail server allows a secure connection to be established before any emails are sent.
How does TLS protect email communications?
TLS plays a role in protecting email communications by establishing a secure and encrypted connection between two points. TLS utilizes asymmetric encryption to keep email communications private and untampered with while in transit. In other words, using encryption for emails ensures that the contents of the message cannot be read or modified while being sent and provides a mechanism for authentication between the sender and recipient.
Emails that use SMTP risk having their messages compromised by man-in-the-middle attacks or wiretaps if they are operating without encryption. These attacks can silently copy your emails and read their contents or even change the contents of the message while it’s in transit. This not only compromises the integrity of the email, but can provide valuable information to attackers who are capable of launching even more sophisticated attacks against your domain, such as spear phishing or whaling campaigns.
Secure connections are established using a series of steps known as a “TLS handshake”. This handshake requires two parties in order to create a secure connection. When a message is sent using TLS, the handshake proceeds as follows:
- During the first phase, the client and server will specify which version of TLS they will use for the session.
- Then the client and server will pick which cipher suite they will use.
- The identity of the server will then be authenticated using the server’s TLS certificate.
- Finally, session keys will be generated and used to encrypt the email messages once the handshake is completed.
How to check if an email is using TLS
Today, close to 90% of emails both sent and received are encrypted. But how can you check for yourself?
Server administrators should be able to verify their email server is using some form of encryption by checking their certificate store and validating that their certificate is both installed correctly and up to date.
If you’re simply checking an email, you can verify if the message was sent using encryption by checking the headers of the message. In Gmail, this can be done by opening the email in question and clicking on the small arrow next to your name underneath the sender’s address.
This can be done in Microsoft Outlook as well by opening the email you wish to check, and then navigating to File > Properties. This will open up the email header information which will contain any TLS information if available.
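As an added illustration (not part of the Agari article), the script below parses the Received: headers of a constructed sample message and reports, hop by hop, the TLS version and cipher suite the receiving server recorded; it assumes annotations in the Postfix and Gmail/Exchange styles, and the hostnames and addresses are made up.

```python
"""Per-hop TLS check from Received: headers (added example, constructed data)."""
import email
import re

# Constructed sample headers (not from a real message): hop 1 in Postfix style,
# hop 2 in Gmail/Exchange style, hop 3 (the submitting laptop) with no TLS at all.
SAMPLE_RAW = (
    "Received: from mx.example.net (mx.example.net [203.0.113.5])\n"
    "\tby inbox.example.org (Postfix) with ESMTPS id ABC123\n"
    "\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))\n"
    "\tfor <bob@example.org>; Mon, 01 Aug 2022 10:00:00 +0000\n"
    "Received: from smtp.example.com (smtp.example.com. [198.51.100.7])\n"
    "\tby mx.example.net with ESMTPS id xyz789\n"
    "\t(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);\n"
    "\tMon, 01 Aug 2022 09:59:58 +0000\n"
    "Received: from laptop.internal (unknown [192.0.2.10])\n"
    "\tby smtp.example.com with ESMTP id qrs456;\n"
    "\tMon, 01 Aug 2022 09:59:55 +0000\n"
    "From: alice@example.com\n"
    "To: bob@example.org\n"
    "Subject: constructed test\n"
    "\n"
    "body\n"
)

# Postfix/Sendmail annotation: "(using TLSv1.3 with cipher ... (256/256 bits))"
POSTFIX_RE = re.compile(r"using\s+(TLSv1(?:\.\d)?|SSLv\d)\s+with\s+cipher\s+([^\s()]+)")
# Gmail/Exchange annotation: "(version=TLS1_2 cipher=...)" or "(version=TLS1_2, cipher=...)"
GOOGLE_RE = re.compile(r"version=([A-Za-z0-9_.]+),?\s+cipher=([^\s;,()]+)")
# The receiving server of a hop is the host named after "by".
BY_RE = re.compile(r"\bby\s+([A-Za-z0-9.-]+)")

# Protocol versions that are deprecated and should be flagged even though encrypted.
WEAK_VERSIONS = {"SSLv2", "SSLv3", "TLSv1.0", "TLSv1.1"}


def normalize_version(v):
    """Map the different spellings to one form, e.g. TLS1_2 -> TLSv1.2."""
    v = v.replace("TLS1_", "TLSv1.")
    if v in ("TLSv1", "TLS1"):
        v = "TLSv1.0"
    return v


def parse_received_tls(raw_message):
    """Return one dict per Received: header (newest hop first) with its TLS details."""
    msg = email.message_from_string(raw_message)  # compat32: raw, folded values
    hops = []
    for value in msg.get_all("Received", []):
        text = re.sub(r"\s+", " ", value)  # unfold the header
        by = BY_RE.search(text)
        m = POSTFIX_RE.search(text) or GOOGLE_RE.search(text)
        version = normalize_version(m.group(1)) if m else None
        cipher = m.group(2) if m else None
        hops.append({
            "by": by.group(1) if by else None,
            "version": version,
            "cipher": cipher,
            # A hop counts as encrypted if it carries a TLS annotation; ESMTPS is
            # the Postfix/Sendmail keyword for an SMTP session that negotiated TLS.
            "encrypted": m is not None or " with ESMTPS" in text,
            "weak": version in WEAK_VERSIONS,
        })
    return hops


def unencrypted_or_weak_hops(hops):
    """Receiving servers whose hop had no TLS at all or a deprecated version."""
    return [h["by"] for h in hops if not h["encrypted"] or h["weak"]]


if __name__ == "__main__":
    parsed = parse_received_tls(SAMPLE_RAW)
    for hop in parsed:
        print(hop)
    print("hops to review:", unencrypted_or_weak_hops(parsed))
```

Only the hop between two servers is visible in its own Received: line, so a clean report means every hop negotiated TLS, not that the message was end-to-end encrypted.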
Is TLS the only protection I need?
TLS plays a vital role in email security, but it can’t protect against all email-based threats. Emails using encryption are protected against:
- Man-in-the-middle attacks
- Messages read or eavesdropped on by attackers while in transit
- Messages being forwarded to attackers
However, TLS cannot protect emails against:
- Phishing attempts using lookalike domains
- Malicious attachments that contain viruses
- Links inside of emails that redirect to phishing sites
- Emails that use social engineering to trick recipients into sharing sensitive information
- Servers sending spoof emails from domains that they do not control or defend
The Agari Advantage
Agari’s Email Security solutions utilize TLS and DMARC to ensure that emails are encrypted, as well as protected against phishing attacks from domain spoofing. Phishing attacks that use lookalike domains trick unsuspecting recipients into clicking links or sending sensitive information by pretending to be a trusted sender. These attacks can occur directly over a secure connection since they don’t have to abuse a lack of encryption to succeed.
By combining TLS encryption with DMARC, organizations can deploy a security strategy that stops email-based attacks at all levels. For email protection beyond TLS, watch Agari’s Phishing Defense simulated product tour to see it in action for yourself!
Source: HelpSystems
Organizations are rapidly switching to Sophos’ managed detection and response service to enjoy better cybersecurity outcomes.
We are thrilled to share that Sophos Managed Threat Response (MTR), our 24/7 human-led threat hunting, detection, and response service, now supports over 10,000 organizations around the world.
As cyber threats grow in both volume and complexity, organizations of all sizes and industries are increasingly turning to Sophos to enhance their cyber defenses. Testament to the quality of service and threat protection we provide, in independent reviews on Gartner Peer Insights customers rate us 4.7/5 as of July 2022.
Along with our customer base, we’re also expanding our MDR services to support customers on their security journeys. For example, following our recent acquisition of SOC.OS we plan to include additional telemetry and context from alerts and events across dozens of third-party endpoint, server, firewall, identity and access management (IAM), cloud workload, email, and mobile security products. This will enable security operations teams to quickly understand and respond to the most urgent alerts across their entire estate.
Your security. Our responsibility.
We recognize and value the trust that customers place in us when they choose Sophos MTR. From the frontline threat hunters and response specialists in the MTR team to the malware, AI and engineering experts working behind the scenes, we are all fully focused on improving your cybersecurity outcomes.
Of course, each organization is different. That’s why we offer flexible service options that enable you to choose the level of support that best meets your needs.
- Managed by Sophos. Full 24/7/365 threat hunting and neutralization delivered by Sophos security operations specialists
- Managed together. Our experts work alongside your experts, enhancing your security operations and extending your protection, including evening, weekend and vacation cover
- Managed by you. Sophos XDR enables and empowers your team to conduct your threat hunting in-house using the latest next-gen technologies and threat intel insights
Our experts use the same Sophos next-gen technology as your experts, making it easy to switch support levels when your requirements change.
Sophos MTR in action: Neutralizing Cuba ransomware
Let me share with you a recent example of how Sophos MTR identified and neutralized a ransomware attack on a manufacturing organization, preventing data exfiltration, data encryption, business interruption, lost revenue, and remediation costs.
- Our operators detected suspicious indicators in the environment of a 200-seat customer working in the manufacturing sector. They noticed tools associated with ransomware groups along with Cobalt Strike, an adversary simulation tool that is commonly abused by threat actors
- Sophos MTR instantly alerted the customer and started an investigation, sharing samples with SophosLabs for detailed analysis
- Within 30 minutes SophosLabs confirmed a threat actor had gained access to the customer’s environment, and the adversary’s tactics, techniques, and procedures (TTPs) matched the early stages of a Cuba ransomware attack
- Our team rapidly neutralized and evicted the adversary, preventing both data exfiltration and data encryption, and saving the customer hundreds of thousands of dollars of remediation cost, not to mention business interruption and lost earnings
- We were also able to guide the customer on how to harden their defenses to reduce the likelihood of future incidents
Improving cybersecurity outcomes at London South Bank University
Sophos MTR has enabled London South Bank University in the UK to strengthen cybersecurity for their 20,000 students and 2,500 staff while also freeing up the IT team to deliver initiatives that have increased student satisfaction. Hear their story in their own words:
How Sophos can help you
Sophos can protect and empower your organization, just as it did for London South Bank University and thousands of other organizations around the world.
Speak with the company’s expert advisors to learn more about the Sophos MTR service and discuss with them how they can help you achieve better cybersecurity outcomes.
Source: Sophos
How companies can layer security solutions to ensure their data is fully protected no matter where it resides, how it travels or is shared.
Data is Everywhere
Enterprise data security is all about protecting sensitive data and ensuring that protected information is not compromised. Data can be anywhere and everywhere, so securing it against threats from inside and outside the organization has become increasingly complex. Further complicating data security is the shift from centralized storage in a data center to distributed and portable datasets located on user devices, remote locations, connected endpoints, and multiple clouds. Data is no longer a static thing secured behind a firewall. Instead, data often moves across numerous environments and different locations, devices, and geographies.
Modern data security must start at the business level. Effective data security is about visibility, classification, and automation. Visibility focuses on understanding which data is important to protect; classification is about creating scenarios, rules, and categories for safeguarding sensitive information. Automation helps enforce and ensure the controls, policies, and data handling rules are in place.
HelpSystems has several offerings that address the roadmap for effective data security and automation. At its core, enterprise data security has multiple pillars, including data classification, data loss prevention (DLP), email security, domain-based message authentication reporting & conformance (DMARC), and secure managed file transfer (MFT) solutions. Below is a short overview of how HelpSystems supports organizations with enterprise data management (we will go further in-depth in subsequent articles.)
Data Classification
From the moment data is created, it becomes a liability. This is especially true if the data has no context. How can an organization protect its valuable, sensitive data if they don’t know what data they have? Identifying and classifying different data types, such as personally identifiable information (PII), is the basis of any good security plan. Classifying data provides important clarity for users and downstream security tools.
HelpSystems has 35 years of data classification experience and offers tailored solutions depending on different customer requirements.
Enterprise DLP
One of the main challenges with DLP is understanding trafficked data throughout the enterprise. Many traditional methods for monitoring and managing inbound and outbound traffic fall short as anyone with access to sensitive data can download and share corporate information.
In 2021, HelpSystems acquired DLP provider Digital Guardian to augment their SaaS and managed service endpoint, network, and cloud DLP capabilities.
Email Security
When data travels in and out of a network by email, the policies and security controls in the email solution protect the organization from outbound data leakage and inbound threats. Data labelling ensures that sensitive data is handled correctly, data is protected against viruses and malware, and if messages contain unauthorized information, it is automatically removed.
The Clearswift Email Security solution works seamlessly with other HelpSystems data security tools to provide continuous protection as data moves via email.
Securing Enterprise Email with DMARC
Bad actors use obfuscation methods to send phishing emails, social engineering, spam, ransomware, and malware emails disguised as legitimate sources to trick unwitting victims. These attacks inflict significant damage to an enterprise’s reputation and brand and, in most cases, cause consequential financial loss.
HelpSystems’ DMARC solution, Agari, helps its customers to monitor, detect, and respond to all email streams sent under their name, preventing the malicious ones from reaching their customers’ and employees’ inboxes.
Managed File Transfer & Rights Management
Organizations increasingly rely on exchanging sensitive data between their constituents, including customers, business partners, employees, and suppliers. These file transfers include reports, contracts, employee and customer information, and project information – any manipulation or loss of data results in compliance and overall security issues. The efficient movement of data between an organization and its third-party partners must be secure, auditable, and accountable for data privacy and integrity.
HelpSystems’ Secure Managed File Transfer solutions, GoAnywhere and Globalscape, address the security, encryption, and data protection needed when transferring sensitive information across the enterprise and its trusted third parties. Adding Digital Rights Management (DRM) adds further encryption to ensure files remain protected after the file transfer.
Securing Data and Email Across the Enterprise
HelpSystems data protection, email security, and secure file transfer solutions are viable options for organizations of all sizes that require enhanced data and communications protection. The technologies cover the “full circle of life” from monitoring traffic, sanitizing sensitive data, blocking malicious behavior, deleting non-compliant information, and encrypting the data when it’s in motion or at rest.
We believe a solid business strategy that focuses on “buy what you can, build what you have to, and integrate for competitive advantage” will assist HelpSystems in differentiating itself in a hyper-competitive data security marketplace.
Source: HelpSystems
Malware and ransomware infection rates are increasing year-over-year, with ransomware attacks doubling in 2021 according to the Verizon Data Breach Investigations Report and 50% to 75% of ransomware victims being small businesses. It is more important than ever for MSPs to take a multi-layer security strategy to protect their customers.
Multi-layer defense is about adding layers of security to the environment to ensure you are operating as securely as possible. A typical SMB security stack would look like this:
- Email security and advanced threat protection
- Endpoint security
- Patch management
- Ransomware detection
- Network security – firewall
- Multi-factor authentication
- Web-content filtering
- Standard user account permissions
- Backup and recovery
A key step when MSPs want to ensure their partners are fully secure is to focus on securing endpoints — mainly desktops and laptops. In this blog post, we will cover the key components of securing endpoints in an effective manner.
Email security and advanced threat protection
Because email is still a key attack vector, it is important to have advanced threat protection (ATP) in addition to the basic email security provided by the email provider. Effective pre-delivery email security prevents malware from entering the environment in the first place.
Datto SaaS Defense is designed to stop attacks before they reach the end user, allowing MSPs to proactively defend against a variety of malware that targets not only the Microsoft Exchange inbox, but the collaboration tools inside Microsoft 365 such as Microsoft OneDrive, Microsoft SharePoint and Microsoft Teams.
Endpoint security
Antivirus (AV)
Antivirus software runs automatically in the background on the endpoints in your environment and scans your system for known malware based on established virus definitions. When your AV detects malware, it removes it from the endpoint to protect your organization. While in the past having an AV on each endpoint was enough, this is now considered as just the first step in endpoint security.
Datto RMM ensures antivirus is installed and up-to-date. It is vital for MSPs to have accurate information about the status of antivirus solutions on all endpoints. Datto RMM’s universal antivirus detection not only detects the presence of antivirus solutions on endpoints, but also reports the status of these solutions.
Endpoint detection and response (EDR)
EDR alerts you to suspicious activity that may indicate a malware attack. Real-time alerts aim to reduce the time-to-detection of threats, which can have a significant impact on the chances to recover from incidents such as ransomware. Once an EDR tool has alerted you to suspicious activity, a security analyst will typically analyze the information and choose next steps. More broadly, these tools collect and monitor data pertaining to potential cybersecurity threats to the network. Your team can analyze this data to determine the root cause of security issues and use it to support incident response and management strategies. Recently CISA designated EDR as a critical component for cybersecurity, yet many firms still do not have this capability.
Patch management
Patches are updates to operating systems, software applications and networking devices, built to fix security vulnerabilities. They are crucial to designing an effective cybersecurity strategy because they often close security gaps that could allow bad actors entry into endpoint devices and IT networks. Unpatched vulnerabilities are one of the leading causes of security breaches. To ensure timely deployment of patches MSPs typically use patch management tools that provide them with detailed insights into apps and devices that are potentially at risk.
By using automated patch management tools MSPs can patch multiple endpoint devices simultaneously, enabling them to maintain a consistent security posture across all managed endpoints. Policy-based patching automation also helps MSPs be more efficient by reducing cumbersome manual updates and enhances the service delivery experience by minimizing end-user interruptions. Datto RMM’s built-in patch management engine makes patch management effortless and scalable for MSPs via flexible policies and automation.
Ransomware detection
Datto RMM’s unique Ransomware Detection functionality monitors endpoints for ransomware infection using proprietary behavioral analysis of files and alerts you when a device is infected. Once ransomware is detected, Datto RMM can isolate the device and attempt to stop suspected ransomware processes to prevent the ransomware from spreading. It enables MSPs to monitor endpoints for ransomware at scale, take steps to prevent the spread of ransomware and reduce time to remediation.
Backup and recovery
Your clients may have different needs when it comes to their endpoint security strategy. However, one essential component should be endpoint backup. When other endpoint security measures fail, an updated backup of the device will ensure that you still have access to all necessary information no matter what happens.
In other words, security starts with recovery. It is crucial to backup endpoints in order to allow recovery in case of a cyber incident. Datto Cloud Continuity for PCs enhances endpoint security and acts as a last line of defense by protecting data in case of a hardware failure, accidental deletion, ransomware attack, or another disaster. Cloud Continuity ensures endpoints can be restored to their pre-disaster state quickly and easily.
By backing up your clients’ data to the cloud, you can ensure their important files are safe and accessible even if their computer is damaged or destroyed. In addition, cloud backup can help your clients comply with data loss prevention (DLP) regulations and keep their business running in the event of a systems outage. If you’re looking for a reliable and secure way to back up your clients’ data, consider adding cloud backup services to your multi-layered security strategy to enhance your existing endpoint monitoring services.
Download the Security Best Practices Checklist to start today with some simple actions to protect your customers from ransomware.
Source: Datto
Your professional services automation (PSA) solution is at the heart of your MSP practice. The Datto Autotask PSA team has been hard at work on the latest quarterly release, adding several new updates to make it even more secure, efficient and responsive to your needs.
Autotask PSA is a powerful, intuitive cloud-based PSA platform that provides a singular view of the entire business. By centralizing MSP business operations, Autotask PSA enables you to make data-driven decisions to improve service, productivity and profitability.
The 2022.1 Autotask PSA release is now available, with significant improvements to inventory, security and sales tax functionality. Here are the latest additions:
Inventory restructure
The ability to better track and manage your inventory reduces sales friction, enabling proactive management and optimization of inventory stock. Autotask PSA’s Inventory feature tracks the items that you have in stock to resell to your customers. The 2022.1 release provides enhanced tracking and reporting capabilities to better manage and evaluate your inventory.
Now you can:
- Introduce stocked items for better tracking of your inventory products
- Enable tracking of multiple vendor purchase orders
- Benefit from improved reporting and analytics capabilities
Client Portal two-factor authentication (2FA)
A security-first approach is fundamental to all Datto solutions. 2FA is an additional security layer that addresses the vulnerabilities of a standard password approach. With the newly added 2FA on Autotask PSA, you can:
- Enable multi-factor authentication for client portal admins if you choose not to mandate it from the MSP side
- Easily view who has this feature configured
- Conveniently reset authentication if needed
TaxJar integration
Sales tax automation is a must for multi-jurisdiction regions (US and Canada only) because of the time it saves MSPs (no calculations required) and because it keeps them compliant with regional tax laws. Autotask PSA is now integrated with TaxJar, a cloud-based sales tax compliance platform. Use TaxJar to:
- Enable tax compliance for those dealing with multiple jurisdictions
- Simplify tax calculations
- Save valuable time
In addition, Autotask PSA has been updated with 20+ enhancements inspired by you, our MSP user community. We are constantly soliciting your feedback to make Autotask PSA even better, and we’ve acted on your insights with new improvements that include:
- Expanded Microsoft Teams scheduling capabilities
- Ability to import invoice preferences instead of updating them one by one
- Refactored contract wizards
- Ability to import additional data fields related to your tasks
Looking for a PSA platform to help grow your business by unifying Document Management, Service Desk, CRM, Procurement, Billing, and Reporting behind a single pane of glass? Learn more about Autotask PSA today.
Source: Datto
Ransomware attacks can be mitigated with a number of security measures and techniques, but when it comes to attackers publishing stolen sensitive data, only encrypting that data can protect you. Find out in this article how to protect your sensitive data with encryption, the steps for an effective encryption strategy, and what to encrypt.
Taking back control of your data through Encryption
It is established that encryption is important to secure your data, but it is not the only measure you need. Encryption is not only important for modern security; it is also core to modern computing if you want to excel in an internet-driven environment. An effective information policy matters even more now that big tech companies and third-party providers let you compute, store, and share vast amounts of information in the cloud: if you manage sensitive data, it is essential that you encrypt all of that data before handing it to these services.
It is not only important to fully evaluate and prioritize which data needs to be accessible and where it is stored; it is also crucial that you fully encrypt all of the documents and communication files before putting them online. This way you greatly reduce the risk that your organization or company suffers a data breach at the hands of cyber thieves.
Who is at Risk?
Despite the frequency of cyber attacks, data breaches, and identity theft, IDC reports that only 3% of the information leaked in data breaches was encrypted and protected. This means that 97% of that data was unencrypted and highly exposed, while only 3% was unusable to the cyber thieves because it was encrypted and therefore inaccessible despite being stolen.
One of the biggest drivers of the wide spread of ransomware is the desire to make money through ransom payments. In today’s scenario, the objective of ransomware is damage, destruction, and harm to the victim by any means, yielding as much money as possible by hook or by crook.
Some people are more at danger than others:
- Corporate or Business Sector: the most favorable target for ransomware operators, because of the huge amount of confidential data it holds about consumers, sales, purchases, ledgers, journals, quotations, taxes, etc. Loss of such documents can cause the whole business to shut down or suffer major losses. Thus, corporate victims have chosen to willfully pay the ransom instead of suffering the setback. The proceedings of the World Congress on Engineering and Computer Science estimated that around 46% of all victims are corporations, and that 88% of these were not using encryption.
- Public or Government Sector: this mostly comprises educational institutions, power corporations, telecommunications, law enforcement, hospitals, banks, transportation, and all other establishments that have a direct impact on the public. Attackers targeting such institutions know that unencrypted data increases the probability of a ransom being paid, because keeping offline digital copies of a huge pile of data is difficult to maintain, and refusing to pay would mean a setback of at least 3 to 6 months, i.e., nearly a fresh start. Infecting the government sector fulfils two major objectives of crooks: first, to secure a ransom payment, and failing that, to steal data regarding defense, citizens, budgets, policies, etc., and sell it for money on the dark net. Hence, encrypting all of this data can not only save organizations and public departments from paying huge ransoms, but also prevent the theft of piles of data that could otherwise set back public or organizational affairs by 3 to 6 months or even more!
- Home Users or Individuals: the softest targets of ransomware because they are the least fluent with the technical aspects of computers. Although a home user generally does not hold a huge amount of data compared to the corporate sector, and that data is not of public concern, it still has extreme significance to its owner: reports, projects, pictures, game files, emails, credit card information, online shopping behaviors, etc. The extortion pressure to pay is increased further because ransomware typically erases any backup files and disables system restore just before it starts encrypting files.
Steps for an effective encryption or data protection management plan
It is important to formulate an encryption or protection plan by following through the three critical questions to allow yourself control over which data to encrypt and protect:
- Analyze which data needs to be encrypted: Since it’s your data and your company, it is important that you carefully analyze, evaluate, and prioritize which data needs to be encrypted the most. For instance, this could include personally identifiable information (PII) and any trade secrets that would be harmful if leaked.
- Having a document protection plan: Encrypting is the first step; deciding on a document protection plan is the second and most crucial step in your data protection. It is important that you decide what happens with your data while it is in transit and while it is at rest. These require different levels of protection, and you can fully control what happens when. For instance, you can choose to destroy a file if it is shared beyond the access you initially granted. But, for this to work, you need to have that type of encryption embedded in your file beforehand.
- Establish solid and easy-to-manage protection policies: It is a busy world and you may often get too caught up in the day-to-day affairs of your company to bother with data breaches of previous documents. However, you can choose protection policy management plans that automatically keep up with your data while it is at rest and whenever, wherever it is accessed or shared online. This way you can assess your encryption performance regularly and stay clear of any serious data breaches.
If you want to learn more about a more detailed approach and deploy to protect your corporate data through a data-centric security approach, read this article.
Knowing what to Encrypt and How much to Encrypt?
Organizations, public sector departments, and businesses must know what information should be safeguarded when encrypting files or folders on file servers or cloud repositories. It’s also critical to use automation to make file protection easier, especially when encrypting folders or safeguarding data in information repositories. Encryption tools are designed to prevent privacy spills and disclosure of confidential material, and to provide a secure transmission of messages between two parties, ensuring the security goals of the communication. Take, for instance, the Zero Trust Security Model, which focuses on ‘layered’ protection on the premise that, since all data is so mobile online, it is important to assume that no one and nothing can be trusted.
IRM (Information Rights Management); beyond encryption
IRM systems deal with the challenge of what happens with data once it is in transit or has left the perimeter. Also known as E-DRM (Enterprise Digital Rights Management) or EIP&C (Enterprise Information Protection & Control), IRM uses a highly sophisticated and effective form of cryptographic protection that applies to files that are travelling and protects them wherever they transit. The IRM approach is to apply layered protection to the data that can be controlled even if it is no longer in the network, whether it is in a cloud, on a mobile device, etc.
If the data reaches someone you consider should not have access to it, you can revoke the access remotely. You can set expiry dates for documents. You can give users more or fewer permissions in real time (Edit where before they could only Read, or restrict the permission to read-only if you don’t want them to edit or print). The ease with which this type of solution can be implemented means you can start using it right away to encrypt and regulate important data that your firm controls, internally or with third parties.
One of the most critical aspects of this technology is that it can be made simple enough for non-technical people to manage protected data as if it were unprotected. Part of this is allowing end users to feel at ease accessing, using, sharing, editing, and transferring their own data without technical difficulties and without cryptographic know-how. This is achieved by making it compatible with the apps that users use on a daily basis, such as Office, Adobe, and AutoCAD, as well as the information repositories that companies commonly use, such as file servers, OneDrive, G Suite, Microsoft Office 365 cloud applications, SharePoint, Dropbox, and so on.
Hence, depending on the sensitivity of the data and the extent of the damage that the leakage or theft of a particular document could cause an organization, you can choose to apply different levels of protection. For instance, if you are sharing confidential information about a new tender with your business partner, you may allow it to be shared only with specific parties or departments and with view-only permissions; beyond those parties the files cannot be accessed, and any attempt to decrypt them would be of no use to potential competitors.
On the other hand, you might want to limit access to company data that could harm your company, employees, customer base, and business partners if stolen. You can apply minimal protection but with certain levels of access permission. You can choose exactly what happens with which type of data, and develop a ‘protection in use’ policy rather than just protection at rest or in transit. Also, although many organizations and public departments may have pinpointed documents labeled ‘public’, ‘private’, ‘confidential’, ‘internal use only’, etc., this is more evident on paper than online. Being able to encrypt them according to their paper classification levels would be the real win for these organizations. IRM integrated with data classification tools allows you to automatically protect classified or labelled data with a specific IRM protection policy.
Takeaways of Protecting Your Documents Through a Data-Centric Security Approach
It is established that encryption involves a data-centric security management strategy to protect the collective interests of an individual or organization, employees, customers, partners and more. Some of the advantages of having a multi-layer encryption-based protection based in a data-centric security approach for your online data may include:
- Protection of sensitive documents without relying on user actions.
- Ensuring protection of data whether information is travelling outside network perimeter, being accessed by an outsider or while it is in transit, at rest and in use.
- Control what users can do with your documents (View only, copy & paste, edit, print, etc.).
- Monitor, allow or disallow access regardless of where your data is.
- Revoke access to sensitive information even if you provided access permission before.
- Protecting your intellectual property rights by having full control of your data, hence making it almost impossible to be stolen by competitors and imprinters.
SealPath allows you to develop an effective management system for all your sensitive data you want to protect with effective protection, monitoring, and automation systems. You can ensure efficient protection using an integrated IRM (or E-DRM) model to ensure protection of your data in use, at rest and in transit, without having to worry about theft or paying ransoms due to theft.
Source: Sealpath
Secure access service edge (SASE) is set to make cybersecurity simpler and more robust. At Sophos, we’re already well on the way.
Increasingly, secure access service edge (SASE) looks like the future of cybersecurity. As point solutions start to converge and share their data, applying security policies in a smart, unified way can save time, simplify workloads, and shore up configuration gaps.
Here at Sophos, this has been clear to us for some time. We’ve been working behind the scenes for a number of years to align our products around a common vision and approach.
As a result, our SASE capabilities will be seamless when they arrive. They’ll be unique from anything else you might see in the market, and you’ll be able to leverage them using the Sophos technologies you already know and love.
What is SASE?
According to Gartner, SASE combines network security functions with wide area networking (WAN) capabilities so organizations can deliver access dynamically, in a secure way.
It’s “a new package of technologies… with the ability to identify sensitive data or malware and the ability to decrypt content at line speed, with continuous monitoring of sessions for risk and trust levels.”
Because SASE integrates network functions like software defined wide area networking (SD-WAN) with both on-premises and cloud-based security into a single system, you can seamlessly implement policies across your entire estate. That saves you time and money on setup and management while delivering a consistent, secure experience.
Importantly, SASE is intelligent about how and where it applies your policies. It will assess whether your devices and applications need private access, or whether to enforce zero trust network access (ZTNA) in the cloud. This gives you the security you need, where and when you need it—increasing performance and reducing bandwidth costs and latency.
What SASE looks like today
Here’s the clever part. The functions that will become the core of Sophos’s SASE capability are largely already built into the tools you use today.
In Sophos Central, we have a central management point that acts as a unified data plane, ensuring consistency and compatibility, with shared building blocks. We don’t need to make our products work together; they’re already made that way.
And we use containerization to build our products, so extra features and upgrades, such as SASE capabilities, can be configured in an extra module and slotted in seamlessly, without downtime.
That may seem like a small thing. But when you are ready to move to SASE, it’ll make all the difference. You won’t need to learn another new technology; just connect the tools you know. And—as you’ve come to expect from Sophos—it’ll just work.
The Sophos difference
When you use Sophos SASE, you’ll feel the difference in three important ways:
Products built with convergence in mind
With Sophos, everything is designed within the same platform, from the same building blocks, delivering a unified, consistent experience across your whole security ecosystem.
We’re not trying to take a bunch of disconnected security solutions and bolt them together—so each part of the system works slightly differently, and every update risks a problem elsewhere.
Instead, every aspect will feel the same, making the experience easy, consistent, and intuitive everywhere—for your IT team and your users—which is the point of SASE in the first place.
Centralized data lake for effective threat response
Our SASE solution will draw on our existing expertise in storing and analyzing firewall log data in a centralized data lake. That’s a powerful resource for SecOps professionals—whether yours or ours.
New threats emerge every day, so by keeping your log data for 30 days, you can backtrack to see if any newly discovered forms of attack have affected your organization.
Again, this is already built into our tools. The number of Sophos Firewalls connected to our data lake has more than doubled in the last 12 months, while our Central Firewall Reporting gives almost limitless processing potential.
And because Sophos offers 24/7 threat hunting and remediation services, you know there’s always a team of full-time security experts just a call away, looking at exactly the same data you are.
Smooth, painless activation
We build our network protection solutions using containerized microservices—so they’re easy to adapt and upgrade. When we change one aspect or policy, it’s applied seamlessly across your whole ecosystem.
In the short term, that means you don’t need to replace your solutions to take advantage of SASE. And in the future, you can scale quickly in the cloud, and easily tune your system to match your organization’s evolving needs.
Whether you’re ready to make the move soon or need more time, you can be safe in the knowledge that our products are adaptable—and ready when you are.
Sophos is your partner for the future
Security solutions are converging, and fast. But, as with all new technology, it can take time to feel comfortable making the switch. So it’s good to know the Sophos solutions you use today don’t have a limited shelf life. They are future-proof and ready for SASE when you are.
Learn more about our SASE strategy and suite of products, available today and coming soon. If you’re eager to get going, watch for our upcoming early access programs, coming soon for new products like our Cloud Native Firewall, ZTNA-as-a-Service, and Cloud Web Gateway.
Source: Sophos
With the advancement of technology, a handful of cybercriminals have become more adept at hiding their malware code from even the hardest-to-evade security measures. And because ransomware is freely available on the dark web, using it does not require advanced skills.
Cyber criminals are so successful with their ransomware because they constantly incorporate new technological advancements into their attacks and employ them faster than others do. Consider, for example, the well-known phenomenon of adware spreading itself via readme.txt files on your computer, or data breaches that occur through Word and PDF files, stealing huge amounts of sensitive data. The cherry on top is that this data is then sold to willing parties for thousands of dollars: passwords, identities, confidential information, project data, company secrets, and more.
Why encrypt data against ransomware attacks?
Encryption can help tackle the growing privacy and security challenges that both consumers and organizations face, as well as deter hackers who wish to steal our information. IBM reports that ransomware attacks cost organizations up to $4.62 million per breach, not including the ransom demanded by cyber thieves in exchange for decryption keys! Given the huge black market for stolen data, it is wiser to have a protection policy than to face regret, lost time and money, and a huge loss of turnover because your company’s name has become associated with a compromise of its data security protection measures.
This article is a detailed post about the importance of encryption.
How having an Encryption Policy is the best strategy for modern computing
According to research, only 30% of companies have an active encryption policy, despite the frequent data breaches of the 21st century. Encryption is the core of today’s computing-driven commercial environment. With huge amounts of incoming and outgoing data, and a set of data thieves working to steal your information, encryption is the strongest protection that organizations, businesses, and individuals can put in place against theft. Encryption can help tackle the growing privacy and security challenges that both consumers and organizations face, as well as deter hackers who wish to steal your information, be it login credentials, confidential information about your new project, or company secrets that your competitors could leverage.
Using Encryption to protect your Organization Data from Breaches and Ransomware
You might have heard the popular maxim, ‘if you use a free service, you are the product’. This also holds true for companies and other organizations that rely upon big third-party service providers. Whether you are an individual or an organization, the technology services that your company uses rely upon your data — data about your employees, your customers and your business — to generate their revenues and profits. Of course, if you share Word/PDF files containing huge amounts of information with a third party, for whatever reason, you are exposing yourself and your company to data breaches unless the files are encrypted. An unencrypted file can be accessed, shared, or edited by any third party and, god forbid, even deleted or sold off to competitors and data buyers by a potential cyber criminal. Encryption is the key to taking back some control of your data from technology processes that gain access to individual and corporate information simply because they can. Huge companies like Facebook, WhatsApp and Apple rely on the promise of data security through end-to-end encryption as a selling point. Similarly, encrypting your documents keeps them away from the prying eyes of competitor tech companies and cyber criminals alike, even if they somehow get access to them!
Industrial Spy Stolen Data
Cybercriminals now operate with modern computing to carry out high profile and sometimes state sponsored cyber hacking and data breach activities to gain an edge over potential foes and competitors. Failure at protecting your data through encryption could have grave implications for your organization in terms of ransom, data breaches, damage to company’s name and major losses in revenue. In November 2021, the FBI and Interpol uncovered a major data theft by Nigerian cybercriminals, found to have stolen data from 50,000 organizations! Similarly, in May 2021 a massive data breach occurred when Air India reported approximately 4.5 million records stolen from its seemingly secure database. So where does all the stolen data go?
Cyber criminals have launched a new marketplace called Industrial Spy that sells all of the compromised data from such breached companies, sometimes even offering it to its members for free. Unlike traditional cyber marketplaces for stolen data, Industrial Spy doesn’t work merely to extort enterprises under the threat of GDPR fines. Industrial Spy lets organizations purchase their competitors’ data, and sells breached data such as classified trade information, accounting reports, manufacturing diagrams, and client databases to large-scale cybercriminals.
The marketplace has different tiers of data offerings, from $2 for individual files up to “premium” packages, which represent all of the data stolen from one organization and can be offered for millions of dollars. For instance, Industrial Spy is currently selling an Indian company’s data in its premium category for $1.4 million, paid in Bitcoin. On the other hand, much of its data is sold as individual files, where threat actors can purchase the specific files they want for $2 each. The marketplace also offers free packs of stolen data, likely to entice other threat actors to use the site. It would not be surprising, however, if the new marketplace were used to extort victims into buying back their own information to prevent it from being sold to other cybercriminals.
According to BleepingComputer, the malware executables that create README.txt files promoting the Industrial Spy website on Telegram and Twitter were discovered by security researchers at MalwareHunterTeam. When these malware files are executed, they generate text files in every folder on the machine, containing a description of the service as well as a link to the Tor website. This readme.txt file shows the following message to potential buyers: “There you can buy or download for free private and compromising data of your competitors. We publish schemes, drawings, technologies, political and military secrets, accounting reports and clients databases. All these things were gathered from the largest worldwide companies, conglomerates, and concerns with every activity. We gather data using a vulnerability in their IT infrastructure.” An investigation by BleepingComputer shows that these executables are distributed via other malware downloaders that are frequently disguised as cracks and adware. While the site isn’t very popular yet, businesses and security professionals are advised to keep an eye on it and on the information it claims to sell. You never know when your company will be the next target!
MailStore announced the new version 22.1. MailStore V22.1 brings optimized usability, security, and compliance. Almost six weeks later, MailStore announced V22.1.1 for error-free archiving with public folders on Microsoft 365, and recently the company announced the release of V22.2, offering support for the operating systems Windows 11 and Windows Server 2022 (Essentials, Standard and Datacenter).
However, before we talk about the new features brought by version 22.2 of MailStore, we will cover those brought by V22.1, starting of course with the significant change in the nomenclature and numbering scheme of MailStore products.
MailStore V22.1
Administrators of MailStore Server and the MailStore Service Provider Edition (SPE) will benefit from a better user experience with optimized usability and stability, while business owners will be pleased with the enhanced security and a new compliance feature. This is especially the case for businesses that are using our add-on tool MailStore Gateway. MailStore Home users aren’t going away empty-handed either, as we’ve improved the user friendliness.
If you’re wondering why Version 13.2 is being succeeded by Version 22.1, don’t worry: you haven’t missed eight main versions, nor have we got our maths wrong. With the latest version, we’ve changed our numbering scheme for MailStore product versions. The new numbering system reflects the time of the release, so, Version 22.1 stands for the first quarter of 2022. You’ll find more information, together with a series of FAQs, in our blog post New Version Numbering System for MailStore Products.
The version number will be given the format YY.Q, where YY stands for the year and Q for the quarter of the release (e.g. 22.1 for the first quarter of 2022). The full version number will appear thus: <YY.Q.N.BBBBB>, where YY is the 2-digit year, Q is the quarter, N is the release number in the respective quarter, beginning with 0, and BBBBB is the build number of the release. For example: 22.1.0.12345 would be the first release in the first quarter of 2022 with build number 12345.
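As an added illustration (not MailStore’s own code), here is a small parser for the YY.Q.N.BBBBB scheme described above, which also treats pre-22.1 major.minor numbers such as 13.2 as older than any date-based version, so that an installed version can be checked against a required release. The cut-over at a leading component of 22 is an assumption taken from this post.

```python
import re
from dataclasses import dataclass, field
from typing import Tuple

# Assumption from the post: 13.2 was the last major.minor release and 22.1 the
# first YY.Q one, so a leading component of 22 or more is read as a two-digit year.
FIRST_DATE_BASED_YEAR = 22

_VERSION_RE = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(?:\.(\d+))?")


@dataclass(frozen=True, order=True)
class MailStoreVersion:
    """A parsed version. Dataclass ordering compares (scheme, key), so every
    legacy version sorts before every date-based one."""
    scheme: int                      # 0 = legacy major.minor, 1 = YY.Q.N.BBBBB
    key: Tuple[int, int, int, int]   # numeric components, most significant first
    text: str = field(compare=False, default="")

    @property
    def is_date_based(self) -> bool:
        return self.scheme == 1

    def release_quarter(self) -> str:
        """'Q1 2022' for 22.1.x.y; legacy numbers carry no release date."""
        if not self.is_date_based:
            raise ValueError(f"{self.text} predates the YY.Q numbering scheme")
        yy, q, _, _ = self.key
        return f"Q{q} {2000 + yy}"


def parse_version(text: str) -> MailStoreVersion:
    """Parse '22.1.0.12345', '22.1.1', '22.2' or a legacy '13.2'.

    Missing release (N) and build (BBBBB) components default to 0, which
    matches the post's statement that N starts at 0 within each quarter.
    """
    m = _VERSION_RE.fullmatch(text.strip())
    if m is None:
        raise ValueError(f"not a MailStore version string: {text!r}")
    first, second, third, fourth = (int(g) if g is not None else 0 for g in m.groups())
    if first >= FIRST_DATE_BASED_YEAR:
        # Date-based scheme: YY must be exactly two digits and Q a calendar quarter.
        if len(m.group(1)) != 2 or not 1 <= second <= 4:
            raise ValueError(f"invalid YY.Q version: {text!r}")
        return MailStoreVersion(1, (first, second, third, fourth), text.strip())
    return MailStoreVersion(0, (first, second, third, fourth), text.strip())


def is_at_least(installed: str, required: str) -> bool:
    """True when the installed version satisfies a minimum, e.g. when checking
    that a server already runs the release that fixed a known issue."""
    return parse_version(installed) >= parse_version(required)


if __name__ == "__main__":
    v = parse_version("22.1.0.12345")
    print(v.release_quarter(), v.key)            # Q1 2022 (22, 1, 0, 12345)
    print(is_at_least("22.1.1.20000", "22.2"))   # False: 22.2 is newer
    print(is_at_least("13.2", "22.1"))           # False: legacy scheme sorts first
```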
New Features for MailStore Server and the MailStore Service Provider Edition
With Version 22.1 of MailStore Server and the MailStore Service Provider Edition, administrators will benefit from a better user experience, while business owners will be delighted with a new compliance feature. Moreover, the updated GDPR certification means that customers can rest assured that Version 22.1 helps meet the requirements of the EU’s GDPR.
A Better User Experience
By popular request, admins can now determine much quicker whether they need to take action in the archive. The subject lines of the status reports in MailStore Server and the MailStore SPE now alert administrators of the need to take direct action, if necessary. So, without having to examine every status report in detail, administrators can tell immediately whether, let’s say, an error has occurred in the archive and action is required. This can save precious time in everyday work, especially on mobile devices.
Version 22.1 of MailStore Server also lets admins install a new license without having to reboot the MailStore Client. So, it’s now possible to renew your Update & Support Service or switch from a trial version to a productive system without interruption, even if you have not yet activated the automatic license updating function.
Another improvement is the new input validation feature, which immediately notifies MailStore Server and MailStore SPE administrators if they have used invalid characters in the text fields of a file or folder path, e.g. when specifying which PST file is to be archived. Input validation has also been introduced for configuring the automatic creation of archive storage. Early detection of invalid characters avoids subsequent errors; rather than spending time searching for invalid entries later, the administrator can correct them straight away.
Compliance
In the new version of MailStore Server and the MailStore SPE, the audit log now records how specific archiving and export profiles have been configured in the past. The resulting “full configuration history” can be used to track how certain settings have been modified over time and how this was done. This can be useful during audits and also helps with compliance. The logged information can also be used to resolve issues with archiving and export profiles, should technical problems occur.
Updated GDPR Certification
It goes without saying that Version 22.1 of our business solutions, MailStore Server and the MailStore SPE, has again been certified by independent data protection experts.
The certification takes into account all relevant aspects of the European General Data Protection Regulation (GDPR) and shows that, when used appropriately, both MailStore Server and the MailStore SPE meet all the requirements governing the processing of personal data set out in the GDPR.
New Features for MailStore Gateway
MailStore Gateway is a free add-on tool to support the simple archiving of cloud services such as Microsoft 365 and Google Workspace, and can be used as a supplement to MailStore Server and the MailStore SPE. With Version 22.1, users of MailStore Gateway profit from several new security features.
Enhanced Security
By popular request, administrators can now use Let’s Encrypt™ certificates in MailStore Gateway. This gives our customers a convenient way to use Let’s Encrypt’s free and trusted certificates to safely encrypt all incoming communications running through MailStore Gateway. The certificates can be configured during installation and at any time in MailStore Gateway’s configuration tool, and are renewed automatically every 60 days. Additional information on using Let’s Encrypt certificates with MailStore Gateway can be found in our Help section.
Moreover, the new version of MailStore Gateway uses .NET 6, i.e. the latest .NET LTS release. Also, as we are no longer bundling .NET runtime with the MailStore Gateway installer, you can update your installed .NET runtimes at operating system level (e.g. via Windows Update). This means that you’ll be able to update the .NET framework without having to update MailStore Gateway. During the installation process, the MailStore Gateway installer checks whether the .NET 6 framework exists on your system. If not, the latest version of the framework is downloaded.
Another improvement concerns the handling of TLS/SSL connections by .NET; this has now been updated in line with Microsoft’s current best practices.
New Features for MailStore Home
Although the new release focuses on our business solutions, home users of our archiving solution MailStore Home are not leaving empty-handed either. MailStore Home users, too, will benefit from the new input validation feature, which immediately notifies them if invalid characters are used in the text fields of a file and folder path. Invalid characters are detected early, which means that subsequent errors are avoided and users can correct their inputs straight away.
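The path input validation described for MailStore Server, the SPE and MailStore Home is a feature announcement rather than an explanation, so here is an added example of the kind of early check it implies. This is illustrative code written for this page, not MailStore's implementation: it assumes Windows path rules (the characters `< > : " | ? *`, control characters, and components ending in a space or dot are rejected; a leading drive letter is the one place a colon is legal; both `\` and `/` are treated as separators) and, going slightly beyond the text, also flags reserved device names such as `CON` or `COM1`, which Windows refuses as file names. Reporting the position of the first offending character is what lets an administrator fix the entry immediately instead of hunting for it after a failed archiving run.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Characters Windows does not permit inside a file or folder name.
# (Hypothetical reimplementation of the kind of check the text describes.)
INVALID_CHARS = set('<>:"|?*')

# Device names that Windows refuses as file names, with or without an extension.
# Checking these goes beyond the page's text; it is an assumption made here.
RESERVED_NAMES = (
    {"CON", "PRN", "AUX", "NUL"}
    | {f"COM{i}" for i in range(1, 10)}
    | {f"LPT{i}" for i in range(1, 10)}
)


@dataclass
class PathProblem:
    position: int   # zero-based index of the offending character in the input
    char: str       # the offending character (or first char of a bad component)
    reason: str


def find_path_problem(path: str) -> Optional[PathProblem]:
    """Return the first problem found in a Windows file/folder path, or None."""
    if not path:
        return PathProblem(0, "", "path is empty")

    body_start = 0
    # A leading drive specifier such as "C:" is the only place a colon is legal.
    if re.match(r"^[A-Za-z]:", path):
        body_start = 2

    offset = body_start
    for component in re.split(r"[\\/]", path[body_start:]):
        for i, ch in enumerate(component):
            if ch in INVALID_CHARS:
                return PathProblem(offset + i, ch,
                                   "character not allowed in file or folder names")
            if ord(ch) < 32:
                return PathProblem(offset + i, ch, "control character in path")
        if component and component[-1] in " .":
            return PathProblem(offset + len(component) - 1, component[-1],
                               "component may not end with a space or dot")
        if component.split(".")[0].upper() in RESERVED_NAMES:
            return PathProblem(offset, component[0],
                               f"'{component}' is a reserved device name")
        offset += len(component) + 1   # step past the separator that followed
    return None


def is_valid_path(path: str) -> bool:
    """Convenience wrapper for callers that only need a yes/no answer."""
    return find_path_problem(path) is None


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real configuration.
    for sample in (r"C:\Mail\archive.pst",
                   r"C:\Mail\export?.pst",
                   r"\\fileserver\share\Mail\archive.pst",
                   r"C:\Mail\CON.pst"):
        problem = find_path_problem(sample)
        if problem is None:
            print(f"OK      {sample}")
        else:
            print(f"INVALID {sample}: {problem.reason} "
                  f"(char {problem.char!r} at offset {problem.position})")
```

The function deliberately returns the first problem rather than a boolean, so a configuration dialog can highlight the exact offset; `is_valid_path` is there for callers that only gate on the result.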
MailStore Version 22.2
The MailStore email archiving solutions are well known for always supporting the latest operating systems. Following this tradition, MailStore 22.2 now supports Windows 11 and Windows Server 2022, enabling our customers to use their MailStore installation with Microsoft’s most recent operating systems. This provides customers with maximum flexibility and independence when choosing the OS platform for their MailStore installation. In addition, our support of the latest operating systems emphasizes MailStore’s commitment to always protect our customers’ long-term investment in MailStore email archiving solutions.
The new version also enables MailStore customers to use TLS 1.3 encryption where available, i.e., currently on Windows Server 2022 or Windows 11 only. This increases security for customers when using MailStore software remotely, even on public networks (e.g. at locations like airports), by allowing them to use the latest encryption standard.
Besides the changes mentioned above, the new version offers various under-the-hood improvements for increased stability, security and performance and as a basis for future enhancements. For example, the underlying framework was updated to .NET Framework 4.8. A third-party library has also been updated, which fixes several minor issues in archiving, displaying and exporting emails. The internal database engine has also been updated to improve stability, security and performance.
For MailStore Server
Supported Operating Systems (32-bit and 64-bit Versions where applicable)
- Microsoft Windows 11
- Microsoft Windows 10
- Microsoft Windows 8.1
- Microsoft Windows 7 SP1
- Microsoft Windows Server 2022 (Essentials, Standard, Datacenter)
- Microsoft Windows Server 2019 (Essentials, Standard, Datacenter)
- Microsoft Windows Server 2016 (Essentials, Standard, Datacenter)
- Microsoft Windows Server 2012 and 2012 R2 (Foundation, Essentials, Standard, Datacenter)
- Microsoft Windows Small Business Server 2011 SP1
- Microsoft Windows Server 2008 R2 SP1 (Foundation, Standard, Enterprise, Datacenter)
For MailStore Service Provider Edition
Supported operating systems
- Windows Server 2008 R2 SP1 Standard, Enterprise or Datacenter (Server Core Installation)
- Windows Server 2008 R2 SP1 Standard, Enterprise or Datacenter (Server with a GUI)
- Windows Server 2012 Standard or Datacenter (Server Core Installation)
- Windows Server 2012 Standard or Datacenter (Server with a GUI)
- Windows Server 2012 R2 Standard or Datacenter (Server Core Installation)
- Windows Server 2012 R2 Standard or Datacenter (Server with a GUI)
- Windows Server 2016 Standard or Datacenter (Server Core Installation)
- Windows Server 2016 Standard or Datacenter (Server with a GUI)
- Windows Server 2019 Standard or Datacenter (Server Core Installation)
- Windows Server 2019 Standard or Datacenter (Server with a GUI)
- Windows Server 2022 Standard or Datacenter (Server Core Installation)
- Windows Server 2022 Standard or Datacenter (Server with a GUI)
Additional Requirements
- .NET Framework 4.8
Get the latest insights into ransomware attacks, ransom payments, and the fast-changing cyber insurance healthcare market over the last year.
Sophos has just launched the State of Ransomware in Healthcare 2022, an insightful report carved out of its annual study of the real-world ransomware experiences of healthcare IT professionals. This year, 5,600 IT professionals, including 381 in healthcare, from 31 countries participated in the research.
The study reveals a growing ransomware attack rate on healthcare, resulting in an increasingly tough, broader threat environment for this sector. The study also focuses on the rapidly evolving relationship between ransomware and cyber insurance in healthcare, highlighting how often and how much ransom was paid out by insurance providers against claims by healthcare.
Here are some key findings from the report:
- Ransomware attacks on healthcare almost doubled – 66% of healthcare organizations surveyed were hit by ransomware in 2021, up from 34% in 2020
- A more challenging healthcare threat environment – this sector saw the highest increase in volume (69%) and perceived complexity (67%) of cyber attacks and the second-highest increase in the impact (59%) of such attacks
- Healthcare is most likely to pay the ransom, ranking first with 61% of organizations paying the ransom to get encrypted data back, compared with the global average of 46%; this is almost double the 34% who paid the ransom in 2020
- But, healthcare pays the least ransom amount – US$197K was the ransom amount paid by healthcare in 2021 compared with the global average of US$812K
- Less data is recovered after paying the ransom – healthcare organizations that paid the ransom got back only 65% of their data in 2021, down from 69% in 2020; furthermore, only 2% of those that paid the ransom in 2021 got ALL their data back, down from 8% in 2020
- High cost to recover from ransomware incidents – healthcare ranked second highest at US$1.85M in terms of the average cost to rectify ransomware attacks compared with the global average of US$1.40M
- Long recovery time from ransomware attacks – 44% of healthcare organizations that suffered an attack in the last year took up to a week to recover from the most significant attack, whereas 25% of them took up to one month
- Low cyber insurance coverage in healthcare – only 78% of healthcare organizations have cyber insurance coverage compared with the global average of 83%
- Cyber insurance driving better cyber defenses – 97% of healthcare organizations with cyber insurance have upgraded their cyber defenses to improve their cyber insurance position
- Cyber insurance almost always pays out – in 97% of incidents where the healthcare organization had cyber insurance that covered ransomware, the insurer paid some or all the costs incurred (with 47% overall covering the ransom payment)
The growing rate of ransomware attacks in healthcare reflects the success of the ransomware-as-a-service model, which significantly extends the reach of ransomware by reducing the skill level required to deploy an attack. Most healthcare organizations are choosing to reduce the financial risk associated with such attacks by taking cyber insurance.
However, it is getting harder for healthcare to get coverage, likely because of the high rate of ransomware incidents in this sector. The subsequent insurance coverage gap is leaving many healthcare organizations exposed to the full cost of an attack, increasing the overall ransomware remediation costs. As the coverage becomes more challenging to get, healthcare is bolstering its cyber defenses to improve its cyber insurance position.
Read more about the State of Ransomware in Healthcare 2022.
Source: Sophos
We’re proud to have been named Cybersecurity Company of the Year by Cyber Defense Magazine. Sophos is an Editor’s Choice winner in the publication’s 10th annual Global InfoSec Awards.
“Cybercriminals are constantly changing their tactics, techniques and procedures to evade detection, and Sophos forensic evidence shows a 36% increase in attacker dwell time in 2021. The fact that attackers are lingering in victim environments for weeks on end – and far longer for smaller organizations – should serve as a wakeup call to businesses worldwide,” said Raja Patel, senior vice president of products at Sophos. “Sophos is helping organizations detect intruders and neutralize threats throughout the attack chain before they cause damage, and we’re honored to accept this award.”
Sophos’ comprehensive and integrated portfolio of solutions and managed services protects against ransomware and other advanced cyberthreats. Pillar offerings – including Sophos Intercept X, Sophos XDR, Sophos Firewall, Sophos ZTNA, and Sophos Cloud Security – are easily managed in the cloud-native Sophos Central platform.
Customers can also choose to have them managed by Sophos MTR, a threat hunting, detection, investigation, and response service that provides a dedicated 24/7 security team to rapidly identify and neutralize sophisticated and complex threats.
Offerings are part of the Sophos Adaptive Cybersecurity Ecosystem, where they share real-time threat intelligence for faster and more contextual and synchronized detection, protection and response. Working together, the solutions can better identify and quickly respond to active threats.
“Sophos embodies three major features we judges look for: understanding tomorrow’s threats, today; providing cost-effective solutions; and innovating in unexpected ways that can help mitigate cyber risk and get one step ahead of the next breach,” said Gary Miliefsky, publisher of Cyber Defense Magazine.
Cyber Defense Magazine announced the winners at RSA Conference 2022. A full list of winners is available online at http://www.cyberdefenseawards.com/.
Source: Sophos
Sophos Firewall OS v18.5 MR4 is a fully supported upgrade from v17.5 MR14 and later, v18 MR3 and later, and all previous versions of v18.5.
While many organizations have already upgraded to SFOS v19 to take advantage of all the great new SD-WAN, VPN, and quality-of-life improvements, we know many of you are possibly waiting for the first maintenance release for v19 before jumping in. The team is hard at work on the first MR for v19, but in the meantime, they’ve released a nice update for v18.5 with MR4.
What’s new in SFOS v18.5 MR4
- Static multicast enhancements
  - CLI support for “multicast-decrement-ttl enable/disable” to control the TTL value in static multicast route forwarding use cases. This can prevent multicast traffic from getting dropped due to expiring TTL values at the time of forwarding.
  - Increased the default multicast group limit to 250 to support an increased number of OSPF neighbors. This can be changed via CLI “multicast-group-limit”.
- Improved log file handling and CSC logging for enhanced troubleshooting
- Zero-day protection – An additional data center location for cloud-based machine learning file analysis is now available in Asia Pacific: Sydney, Australia.
- Added QMI driver support for Cellular WAN
- Several important security, performance, and reliability enhancements
- Fixes 85+ field-reported issues
Check out the v18.5 MR4 release notes for full details.
Of course, these new enhancements will also be included in v19 MR1 when it becomes available.
How to get it
The release of v18.5 MR4 follows our regular firmware release process so you can download it now from MySophos or wait until it appears in your console over the next few weeks.
Sophos Firewall OS v18.5 MR4 is a fully supported upgrade from v17.5 MR14 and later, v18 MR3 and later, and all previous versions of v18.5. Please refer to the Upgrade information tab in the release notes for more details.
The importance of updating and upgrading
It is critically important for your network security that you keep all your firewall devices up to date, either on v18.5 MR4 or v19, as every release of SFOS includes important security fixes. We know many customers have devices running old, end-of-life, and unsupported firmware releases that are putting their networks at risk – make sure you check all your Sophos Firewall devices and either update them, upgrade them, or decommission and disconnect them.
If you have XG 85(w) or XG 105(w) devices, they must be upgraded to XGS Series very soon as they are end-of-life and no longer supported as of August 17th, 2022.
Source: Sophos
For your organization, as for any other, bottom-line growth is understandably priority number one. But as you’re likely well aware, the growing cyber threat landscape means new risks to organizations’ bottom lines are emerging every day. And while creating a sound cybersecurity strategy can seem overwhelming to teams short on resources, time, or talent, poor data management can be far more detrimental in the long run for an organization looking to grow. The following six risks pose the biggest threat to your organization’s continued growth and deserve your security team’s attention going forward. The good news is that many of these risks can be addressed methodically, with the help of trusted partners, to bolster your cybersecurity where you need it most and strengthen it over time.
1. Cyberattacks
Every day, cyberattacks are becoming more frequent, sophisticated, and damaging. Whether hackers choose to invade an organization’s network by taking advantage of an unpatched zero-day vulnerability, deliver a dangerous payload to halt their operations, or intercept network traffic to steal data, if that organization isn’t prepared for such an attack, its bottom line can take a serious hit.
Cybercriminals’ use of malware, and specifically ransomware, has seen a dramatic uptick since the beginning of the pandemic. According to SonicWall’s 2022 Cyber Threat Report, 623.3 million ransomware attacks were recorded in 2021, marking more than a 100% increase from the year before and more than a 300% increase from 2019. Furthermore, evidence suggests that both ransom demands and ransom payments are trending in the same direction. According to an update of Palo Alto Network’s 2021 Unit 42 Ransomware Threat Report, the average ransom demand has skyrocketed to $5.3 million, and the average cost of a ransom payment has risen to a staggering $570,000. The payment of a large ransom, the cost of halting business operations, and any harm the malware may have inflicted on an organization’s systems can all dramatically affect that organization’s bottom line, and if any sensitive data was compromised, the bill can soar even higher.
2. Unprotected Data
While a cyberattack in and of itself can be incredibly detrimental and costly, as we alluded to, when an organization’s sensitive data is stolen or otherwise compromised as a result, their bottom line can take an even larger hit. According to IBM’s 2021 Cost of a Data Breach Report, the average cost of a breach rose by 10% compared to 2020, now sitting at $4.24 million per breach.
Leaving your organization susceptible to a breach can exacerbate the fallout of an already costly cyberattack. For example, while a ransom payment may only cost an organization $570,000, that figure does not account for costs associated with the suspension of business operations, the reinstatement of systems, investigation costs, and perhaps most importantly, compliance fines. In reality, the total average cost of a ransomware attack comes out to a whopping $4.62 million. While cyber insurance can help to cover some of these damages, ultimately, taking steps to protect your organization’s data before a breach ever happens is the most important factor in avoiding a breach’s unanticipated costs.
3. Human Error
When organizations take steps to protect their data against breaches, more often than not, they mistakenly prioritize protecting against outsider threats first. And while breaches are certainly prone to occurring because of an outsider with malicious intentions, insider threats and accidents can sometimes be overlooked. Egress’ 2021 Insider Data Breach Survey found that an overwhelming 94% of organizations experienced an insider data breach in the previous 12 months and 84% of organizations experienced a security incident because of an employee mistake.
Considering the average breach now costs organizations $4.24 million, it should go without saying that protecting against insider threats like human error is just as important as protecting against purposeful external attacks, if not more so. Organizations can begin to combat human error by securing the way their employees share their data. Ensuring your organization’s sensitive data is encrypted in transit and can only be opened, read, modified, and forwarded by those with specific permissions is key to avoiding an accidental, yet just as costly, data breach.
4. A Flat Network
Because human error is now such a prominent source of data breaches, granting employees too much access to your organization’s network can be incredibly dangerous. According to Verizon’s 2021 Data Breach Investigations Report, the use of stolen employee credentials was present in a quarter of all breaches in the previous 12 months. When an employee whose credentials have been stolen has full or close-to-full network access, a hacker will have the same level of access while posing as that employee.
A way for organizations to begin combatting this risk is to properly segment their network. Rather than the organization’s various network components all depending on a singular perimeter defense system, segmenting the network into several smaller sub-networks will only allow employees (or any bad actor posing as an employee) to have the least amount of access necessary. Although the goal of addressing security risks is to prevent a breach before one ever occurs, if and when one does occur, organizations can take advantage of a segmented network to limit the impact of the breach and quickly contain the threat.
5. Undertrained Employees
A lack of employee training is consistently one of the biggest contributors to breaches that occur as a result of human error, and a lack of training can show itself in several ways. Most pertinently, employees have shown themselves to be susceptible to social engineering attacks, and a bit more specifically, phishing attacks. A 2021 report by atlasVPN indicated that social engineering attacks were responsible for the most organizational data breaches (14%) in 2020. Furthermore, PhishLabs’ most recent Quarterly Threat Trends & Intelligence Report found phishing site volume increased by 28% in 2021, among other concerning statistics.
A lack of comprehensive, consistent, and engaging training can also lead to bad password hygiene, password theft, or even accidental data breaches like those discussed earlier. Proper employee training, on the other hand, can help to mitigate phishing and other social engineering attacks when implemented according to best practices. Unfortunately, organizations often neglect security training, and will sometimes even fail to create and enforce data security policies and procedures for employees to follow in the first place.
6. A False Sense of Security
For the most part, all of the data security risks discussed up to this point are fixable by implementing concrete changes within your organization. Unprotected data and external threats like hackers can be accounted for by implementing data security solutions that integrate with your software and workflows. Undertrained employees and human error within an organization often go hand-in-hand and can be addressed by creating a thorough set of corporate data security policies and taking a more frequent and engaging approach to employee training. Even an outdated network security model can be updated to fall in line with best practices.
Having a false sense of security, though, is perhaps an even more dangerous risk to organizations’ security because fixing it requires a change in philosophy from the top down. If an organization’s C-level executives maintain an “it will never happen to us” mindset—“it” referring to a major security incident—other security risks may not appear to be risks at all. Evidence suggests that nearly 8 in 10 consumers decide which organizations to do business with based on their reputation for information security, and because it only takes a single data breach to leave an organization’s reputation and bottom line severely damaged, changing your organization’s security mindset for the better is well worth the time and effort, even if it isn’t an easy fix.
Source: HelpSystems
Organizations everywhere are rapidly shifting their technology stacks to include cloud services, remote work, IoT, and much more. This “digital transformation” is well underway in 2022, and it will only continue to grow. In this blog, we’ll look at the impact digital transformation is having on cybersecurity practices and controls, and the benefits identity and access security can offer.
Why is Digital Transformation Increasing the Attack Surface?
The embrace of DevOps has led to a convergence of coding and infrastructure management because, well…infrastructure is now software, too. With these shifts comes the realization that cybersecurity practices and controls need updates, too, from both a governance standpoint and a technical one. This is especially true in the realm of identity and access management (IAM)—particularly privileged identity and access security.
In truth, with all facets of IT becoming software-driven, most assets and elements of our infrastructure (both on-premise and in the cloud) are software-based in nature. This means everything has an identity of varying types. The explosion in access brings new risks and challenges that organizations have to plan for and navigate to take advantage of new technologies. Security teams now have a vastly larger identity attack surface due to digital transformation, including the following:
- Traditional on-premises directory services, mainframes, ERP systems, and other sources of record for user identities
- Application and service accounts, internally
- DevOps users and accounts for development and pipeline deployments
- Cloud service accounts for SaaS and PaaS/IaaS service orientation
- Federation services that provide single sign-on (SSO), and other cloud security and identity brokering services and tools
- IoT and SCADA platforms, systems, and services that are now exposed to APIs and internet access
The list goes on, far beyond these examples.
Everything is software; cloud is the “new normal” for infrastructure and application deployment; most workers are at least somewhat remote; and we’re trying to hold it all together from a security and compliance point-of-view.
Fortunately, the concept of digital transformation is also extending to the realm of identity and access management, and to information security and risk management, in general.
The Top Benefits of Identity and Access Security
First, we have vastly better synchronization, federation, and SSO capabilities than we have had in the past. This can help to centralize and coordinate identities of all sorts across platforms and between environments. Funneling as many identity interactions through a central platform can help enormously in managing and monitoring accounts and activity.
Next, we have privileged user controls capable of integrating with both on-premises and cloud-based service environments. This moves us away from traditional passwords and towards token-based authorization based in robust policy.
Finally, we are getting better at controlling remote access both to and from cloud resources, as well as traditional end-user access to internal environments. This is also beginning to extend to services, like IoT devices.
Where Do We Go from Here?
In my on-demand webinar, Digital Transformation, All Roads Lead to Identity, I highlight some of the most innovative and exciting trends, with an emphasis on cloud service implementation and DevOps. The discussion will delve into the types of identity attack vectors that can surface when implementing new technologies and IT practices, and how we can plan to tackle them head-on with planning, control and process definition, and leading cybersecurity technologies.
Source: BeyondTrust
The financial services cybersecurity environment is extremely complex, with a dizzying number of often-overlapping regulations, ongoing threats, and understaffed teams trying to manage it all. Despite paying significant attention to security, many organizations continue to be the targets of advanced persistent threats, fraud, sophisticated phishing campaigns, and other bold efforts to access the personally identifiable information (PII) and other sensitive IP they maintain.
Cyber-Attacks Are at a Record High – and Won’t Lessen Any Time Soon
Threat actors are emboldened in times of chaos. Their tenacious tactics—and frequent successes—rise in concert with geopolitical, social, and environmental upheaval.
2021 was a particularly devastating year in terms of cyber-attacks, and the financial services industry was hit hard. The rapid digitization of information in the industry and the ability of threat groups to avoid discovery and penalty have enabled seemingly unchecked advances. State-sponsored hacking campaigns have increased globally, making it difficult for many governments to curtail phishing attacks and ransomware sanctioned at the highest levels by rogue nations.
The scourge isn’t expected to abate in the coming months. FS-ISAC, the Financial Services Information Sharing and Analysis Center, recently announced in its Navigating Cyber 2022 Report that the top threats this year are expected to be third-party attacks, zero-day vulnerability exploits, and ransomware. Organizations need to further efforts to harden security now to protect their businesses and their customers.
Business Email Compromise (BEC) Fraud and Ransomware Attacks Delivered Through Phishing
PhishLabs research found 33.8% of all phishing attacks in Q1 of 2021 targeted financial institutions, and that figure rose to 61.3% of all phishing sites in Q4. These types of attacks have become highly sophisticated in recent years with well-designed emails and realistic messaging. This makes it difficult for employees to differentiate malicious endeavors from harmless communications. In fact, highly targeted business email compromise (BEC) schemes continue to trick employees into thinking one of their executives is asking them to take a particular action regarding sensitive financial information, such as transferring funds into a new account. You can learn more about handling BEC in this recent article.
Phishing emails can also deliver ransomware that encrypts or locks down systems until a threat actor’s demands are met. These attacks quickly take hold of networks after an employee clicks a link or opens a malicious attachment. Ransomware can be particularly devastating for financial services firms as they can’t afford downtime or the loss of direct access to funds.
Maintaining Compliance with Strict Regulations
GDPR, CCPA, SOX, GLBA, FINRA, PCI DSS—the financial services industry is no stranger to the alphabet soup of regulatory requirements governing all aspects of how sensitive data is stored, shared, processed, and destroyed. These details must be understood and addressed to comply with restrictions for data residency, sovereignty, and localization.
Compliance can present a significant burden to understaffed IT and InfoSec teams as they walk a tightrope between acceptable risk and business convenience. With the global workforce gap at around 2.72 million security professionals, it’s often a significant effort not only to maintain compliant practices, but also to monitor and document ongoing adherence. Additionally, keeping up with changes to the fine print of regulations can also pose a challenge. Of note, the PCI Security Standards Council (PCI SSC) recently published PCI Data Security Standard v4.0 to address emerging threats to the high-value account information PCI DSS safeguards.
Cloud and Online Services Add Fuel to the Cyber-Attack Fire
Like many companies, financial services organizations have embraced the trend of digital transformation and looked to the cloud and/or managed service providers (MSPs) to augment their capabilities. Mission-critical workloads and data now reside in the cloud to support geographically dispersed workforces and customers as well as access to this information via smartphone apps and mobile devices.
As such, the traditional on-premises security perimeter has disappeared. While the fast provisioning, 24/7 IT resources, and impressive uptime of the cloud offer notable benefits for financial services enterprises, reliance on hybrid or full cloud infrastructure can inject another layer of complexity when it comes to security. Teams need to fully understand their contract with cloud providers and MSPs to scope out responsibilities and security practices—and avoid surprises.
Resilience Is Needed Throughout the Supply Chain
Not all financial services organizations thoroughly understand how their partners handle security. This is a dangerous oversight, as an attack on a third-party provider can have a ripple effect throughout the industry, particularly for shared services. Ensure your supply chain partners have taken the right security steps to protect themselves as well as your business in a way that meets applicable compliance mandates and can ensure business continuity. Many well-known organizations have made the news for their association with smaller partners that didn’t effectively protect data or left vulnerabilities unchecked.
How Financial Services Organizations Can Prioritize and Manage Cybersecurity Risk
Given the complexity of this high-stakes environment, the next logical question for CISOs and their teams is “How can we manage our risk?” HelpSystems works with leading financial services organizations to assess the efficacy of existing efforts and identify vulnerabilities and areas of improvement. There are three key solution spheres to consider when working to enhance your level of visibility, control, and protection.
- Identify and manage the vulnerabilities
  Modernizing your approach to vulnerability detection and management hinges on maximizing automation and achieving efficiency in the tools you use. Performing host discovery and vulnerability scans of external (internet facing) and internal IP-based systems and networks is an excellent start. Monitoring security risk scores is another valuable tactic. Learn more about HelpSystems vulnerability management.
- Discover and secure valuable data
  You know you have sensitive data stored on computers, cloud and on-premises servers, mobile devices, and more. But it must be classified before it can be protected properly. To do this, you’ll have to determine where data is stored, how it’s used, and where it flows. This includes identifying both structured and unstructured data. Learn more about HelpSystems data protection.
- Collaborate securely and compliantly
  Working with internal employees and external stakeholders including customers, partners, and third-party business associates requires strict attention to how data and files are shared. Safeguarding financial file transfers using secure managed file transfer (MFT) gives you full control and audit capabilities over how sensitive PII moves and who can access it. Learn more about HelpSystems secure managed file transfer.
Staying Positive in an Uncertain Landscape
Cyber-attacks have become weapons, scare tactics that erode trust and peace of mind, and weary financial service security teams are becoming desensitized to the ongoing state of high alert. At HelpSystems, we’re here to help. Our teams are dedicated to developing new ways to detect and thwart global threat actors and the chaos they cause. Our software keeps your valuable sensitive data protected.