Cyber Security Elements by NSS

News

2 May

Backing up servers, workstations, and other devices is a best practice and a business imperative, but backups alone are no guarantee of business continuity and data protection. Creating a backup, be it a disk image or a copy of files, is the start of a disaster recovery plan, but it does not guarantee that a company can recover if the backup itself is damaged. An even greater concern is the theft of an organization’s confidential data if a backup is stolen or otherwise compromised by an attacker.

Today’s cyber criminals are far more devious and effective than those of generations past. In the early 2000s, a cyberattack often consisted of damaging data or stealing files outright. Today, attackers can steal data without the victims even knowing the theft occurred.

Phantom cloud accounts

With so much data now stored in the cloud, sophisticated attackers can redirect backups or primary data storage from the victim’s own cloud accounts to accounts the attackers control. In effect, organizations end up saving their data to their attackers’ accounts while it appears to the victim that the data is housed safely in its own cloud environment.

For organizations that save their backups to the cloud, security teams need to verify periodically that the backups are indeed being written to the organization’s own accounts and not to a redirected destination. Using compromised systems administrator credentials and bypassing second-factor authentication, in a manner similar to that of the Russian state actors described in the Sophos Naked Security article CISO warning: “Russian actions bypassed 2FA” – what happened and how to avoid it, cyber criminals can hijack one or more accounts on a cloud service and access corporate files, including backups.

Protect your backups

Backups that are not encrypted can be compromised, allowing attackers both to read the data they contain and to inject malware into them, so that if the organization’s servers are later compromised and the backup is restored, the restore re-infects the servers. Encryption protects confidentiality; detecting injected or altered content also requires an integrity check (a signed manifest or authenticated encryption) that is verified before any restore.

Having encrypted backups is not only a cybersecurity best practice but one of the 12 key security controls that the cyber insurance broker Marsh McLennan Agency lists, and among the top five it says carriers require to qualify for cyber insurance. Encrypted backups rank at the top of the list of essential controls along with multifactor authentication, endpoint detection and response, privileged access management, and email filtering and web security.

Backup products that monitor for anomalies in access and data patterns (for example, a sudden spike in changed or newly encrypted files) can help identify malware on the system, including ransomware. Integrating server backups with existing security information and event management (SIEM) or security orchestration, automation and response (SOAR) tooling lets the IT security team correlate backup aberrations with other telemetry and be alerted to a potential system compromise.
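The integrity check the section above calls for, written out as an added example (this is not code from the Sophos article). It signs a manifest of file hashes when the backup is written and re-verifies it before restore, flagging modified, missing, and injected files. Assumptions not in the original text: the backup is a directory tree on the Linux backup host, and the verification key is held off that host (for example in a secrets vault) and supplied only at backup and restore time, so an attacker who can alter the backup cannot also re-sign the manifest. The file names and contents in the demo are constructed.

```python
"""
Tamper-evident backup verification: sign a manifest of file hashes when the
backup is written, and verify it before any restore.

Added example, not code from the Sophos article. Assumptions that are not in
the original text: the backup is a directory tree on the Linux backup host,
and the verification key is kept off that host and supplied only at backup
and restore time, so an attacker who can alter the backup cannot re-sign it.
"""
import hashlib
import hmac
import json
import os
import tempfile
from pathlib import Path

MANIFEST_NAME = "MANIFEST.json"


def _sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backup members never load into RAM."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def _backup_files(backup_dir: Path) -> dict:
    """Map each relative path in the backup (except the manifest) to its hash."""
    return {
        p.relative_to(backup_dir).as_posix(): _sha256_file(p)
        for p in sorted(backup_dir.rglob("*"))
        if p.is_file() and p.name != MANIFEST_NAME
    }


def _sign(files: dict, key: bytes) -> str:
    """HMAC-SHA256 over the canonical JSON encoding of the file list."""
    body = json.dumps(files, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def write_manifest(backup_dir: Path, key: bytes) -> dict:
    """Hash every file in the backup, sign the list, and store it beside the data."""
    files = _backup_files(backup_dir)
    manifest = {"files": files, "hmac": _sign(files, key)}
    (backup_dir / MANIFEST_NAME).write_text(json.dumps(manifest, sort_keys=True))
    return manifest


def verify_backup(backup_dir: Path, key: bytes) -> list:
    """Return a list of problems; an empty list means the backup is intact."""
    try:
        manifest = json.loads((backup_dir / MANIFEST_NAME).read_text())
    except (OSError, ValueError):
        return ["manifest missing or unreadable"]
    expected = manifest.get("files", {})
    # Check the signature first: without it the file list itself is untrusted.
    if not hmac.compare_digest(_sign(expected, key), str(manifest.get("hmac", ""))):
        return ["manifest signature mismatch (manifest altered or wrong key)"]
    actual = _backup_files(backup_dir)
    problems = []
    for rel, digest in expected.items():
        if rel not in actual:
            problems.append(f"missing: {rel}")
        elif not hmac.compare_digest(actual[rel], digest):
            problems.append(f"modified: {rel}")
    for rel in sorted(set(actual) - set(expected)):
        problems.append(f"unexpected file (possible injected payload): {rel}")
    return problems


def demo() -> tuple:
    """Constructed scenario: sign a small backup, tamper with it, verify both states."""
    key = os.urandom(32)  # in practice loaded from the off-host secret store
    with tempfile.TemporaryDirectory() as tmp:
        backup = Path(tmp)
        (backup / "etc").mkdir()
        (backup / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        (backup / "db.sql").write_text("CREATE TABLE users (id INT);\n")
        write_manifest(backup, key)
        clean = verify_backup(backup, key)
        # An attacker with write access to the backup store alters a file and drops a payload.
        (backup / "etc" / "hosts").write_text("127.0.0.1 localhost\n203.0.113.7 update.example.com\n")
        (backup / "persist.ps1").write_text("# constructed stand-in for an injected script\n")
        tampered = verify_backup(backup, key)
    return clean, tampered


if __name__ == "__main__":
    clean, tampered = demo()
    print("clean backup:", clean or "OK")
    print("tampered backup:", tampered)
```

Two caveats for real use: an attacker who can replace the whole backup directory could substitute an older, validly signed copy, so the signed body should also carry a timestamp or sequence number that the restore procedure checks; and this manifest only gives integrity, so confidentiality still needs the backup encrypted, with the encryption key likewise kept off the backup host.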

Plan for an attack

Creating a backup strategy that anticipates an attack gives the organization an edge. Suppose the systems being backed up run Windows, whether workstations (Windows 10 or 11, for example) or a Windows Server version. If the enterprise is primarily Windows-centric, an appropriate backup system would itself run Linux and store the resulting backups on a Linux host that is not connected to the corporate network.

While this approach is not foolproof, it takes the backup host out of reach of the large share of attack tooling built for Windows-based networks, and a host that is not connected to the corporate network cannot be reached by an attacker who has only compromised that network.

Selecting the right off-site storage environment can have a significant impact on the time required to restore a backup. If you choose to run a hot site as a backup (a site that exactly mirrors the existing network, so that if the primary network fails there is a duplicate ready to take its place), consider putting some distance between the two sites.

After a major hurricane hit Florida in the early 2000s, one company was forced offline for several weeks because its hot site was located just a few miles away. Flooding damaged not only the company’s primary data center but also the backup site. Similar losses were reported after the collapse of the two World Trade Center towers. A major data center was located below one of the towers, and companies in the towers that used it as their hot backup lost not only everything in their offices but also all their backups when the data center was buried under tons of debris.

A better option is to select a location a hundred or more miles away. While there will be lag between writing data to a local disk and writing the same data to the hot backup, the physical separation eliminates any carry-over effect from a natural disaster such as flooding from a hurricane or fire damage from a large wildfire. Rarely does a natural disaster affect facilities a hundred or more miles apart, although it can happen if both facilities lie along a common disaster path, such as the usual hurricane tracks on the US east coast.

Protecting backups from being compromised, intercepted, or damaged is an essential task of an organization’s cybersecurity team. With World Backup Day right around the corner, security teams should redouble their efforts to ensure every backup is encrypted, verified, and stored in multiple locations, including at least one far from the source servers.

Source: Sophos

27 Apr

We’re excited to share that Sophos has acquired SOC.OS, an innovative company based in the UK that solves the problem of alert fatigue and limited visibility so prevalent in IT security environments. Finding the key signals amongst the noise, SOC.OS consolidates and prioritizes high volumes of security alerts from dozens of IT products and platforms across an organization’s estate, allowing security operations teams to quickly understand and respond to the most urgent ones.

With SOC.OS, Sophos plans to advance its Managed Threat Response (MTR) and Extended Detection and Response (XDR) solutions for organizations of all sizes by including additional telemetry and context from alerts and events across dozens of third-party endpoint, server, firewall, Identity and Access Management (IAM), cloud workload, email, and mobile security products.

According to the Gartner® Market Guide for Extended Detection and Response, Nov. 8, 2021, “To make XDR a long-term investment, (organizations need to) evaluate breadth and depth of ecosystem integration. The easier the XDR can integrate into your existing environment, the better an investment it will be.”

Sophos MTR is one of the fastest-growing new offerings in the company’s history. We now stand as one of the largest Managed Detection and Response (MDR) operations in the world, delivering superior security outcomes through an MTR service with more than 8,000 customers. The top enhancement request from these customers is ‘better integrations with existing security environments,’ and with the innovative technology from SOC.OS, we will be able to do just that: seamlessly integrate Sophos’ MTR and XDR solutions with an organization’s current set of security and IT solutions, optimizing their return on investment. SOC.OS will also provide our Adaptive Cybersecurity Ecosystem with a broader set of third-party telemetry, so security analysts have better visibility into important events and alerts. SOC.OS has an impressive list of integrations that will benefit Sophos customers as we continue to expand and develop industry-leading XDR and MDR capabilities.

“Alert fatigue and lack of visibility still plague security teams worldwide. Considering this, against the backdrop of constantly changing cyberthreats and a challenging talent landscape, defenders need new and innovative products and services that can help them solve more complex incidents in less time. For many defenders, however, the complexity and cost of traditional security solutions act as barriers to adoption. By joining forces with Sophos, we can address these challenges together, head on. The sum is greater than our parts, and by combining our capabilities, we’re positioned to offer truly unique, cost effective and highly accessible products and services to those who need it most, on a global scale.”
Dave Mareels, CEO and co-founder, SOC.OS

We’re very excited to bring the team and technology from SOC.OS onboard. In the meantime, on behalf of Sophos, Joe Levy, Chief Technology Officer (CTO), would like to extend a very warm welcome to SOC.OS employees and customers.

For more information, please see the press release.

Source: Sophos

25 Apr

We’re thrilled to announce that Intercept X scored 100% Total Accuracy ratings for enterprise and small business, and Sophos Home scored a 100% Total Accuracy rating for consumer protection in the SE Labs Jan – Mar 2022 Endpoint Security Tests.

100% for enterprise protection

Intercept X reinforced why it was named the SE Labs Best Enterprise Endpoint Protection 2021 with a clean sweep, scoring 100% for protection accuracy, legitimate accuracy, and total accuracy with zero false positives. View the full results here.

100% for small business protection

Scoring 100% for protection accuracy, legitimate accuracy, and total accuracy with zero false positives, Intercept X is the perfect choice for securing small businesses. View the full results here.

100% for home protection

Home users are exposed to the same malware and attacks as large enterprises. Sophos Home uses the same powerful technology that keeps those organizations safe. It scored 100% for protection accuracy, legitimate accuracy, and total accuracy with zero false positives. View the full results here.

Try Intercept X today

Intercept X reduces the attack surface and prevents attacks from running. It combines anti-exploit, anti-ransomware, deep learning AI, and control technology to stop attacks before they impact your systems. It integrates powerful extended detection and response (XDR) with automated detections and investigations, so you can minimize the time to detect and respond to threats. Learn more and start your free trial.

Looking for protection for your home devices? Start a free trial of Sophos Home.

Source: Sophos

21 Apr

When searching for security solutions for your organization, it may be easy to assume your solutions need to be unique to your data, your employees, and your industry; and you wouldn’t be wrong in your assessment. Choosing the right security solutions that are financially sustainable, integrate with your current solution(s), and streamline rather than obstruct workflows can mean opting for vastly different ones compared to your closest competitors. What nearly every modern organization has in common today, though, is that they create and share more data than they ever have before.

Organizations’ desire to make collaboration and the transfer of data in general as seamless and efficient as possible has only increased in recent years, and the rapid transition to remote work due to the COVID-19 pandemic has only intensified that desire. But just because collaboration is becoming easier and more automated does not necessarily mean your data is becoming more secure. While data classification solutions can help identify and give context to your data and secure managed file transfer solutions can encrypt that data and streamline transfer processes, organizations often find their data and its protection are out of their control once it leaves their network or the bounds of their MFT tool.

This is where the concept of secure data sharing comes into the equation for many of these organizations. As with other types of security solutions, however, data tracking can serve different purposes depending on the types of data your organization handles and the situation in which it is employed. Organizations can help to solve the following three commonly faced security challenges by tracking their data.

Secure Data Sharing Gives Organizations Better Visibility Over Employee Activity

One of the most fundamental components of secure data sharing is data tracking, and a common issue organizations frequently face when they don’t track their data is a general lack of visibility. Data tracking allows organizations to keep their sensitive data protected by knowing where it’s located, how it’s being handled, who can access it, and who those people are sharing it with.

Without proper data visibility, it can become quite difficult to monitor how well (or how poorly) your organization’s employees are following the company’s corporate data security policies, thus making those policies more difficult to consistently enforce. If one or several of your employees are actively practicing bad security hygiene, without data tracking, your organization’s security team may fail to identify those bad practices until a data breach occurs. In this way, data tracking can be seen as a preventative measure with its objective being to prevent a breach before one ever occurs.

Secure Data Sharing Allows Better Data Policy Oversight Across Organizations

While it’s one thing to ensure proper visibility over your own employees, ensuring the same level of visibility once sensitive data leaves your organization is a challenge of its own. Oftentimes, IT and security executives will find that they’re able to maintain healthy data security practices within the bounds of their organization, but when their data leaves the organization, proper control over its access and handling is lost.

Organizations are sharing more information than ever before and, as time goes on, it’s safe to assume more organizations will aim to establish more collaborative data ecosystems. According to TechRadar, organizations that embrace these ecosystems have the potential to save up to 9% of their annual revenue over the next several years. More collaborative environments make organizations more productive, create savings, and add revenue.

With more data sharing, however, comes more security risk. Thankfully, some of that risk can be alleviated by practicing secure data sharing. While corporate data security policy compliance can sometimes be encouraged, monitored, and enforced within your organization with methods besides data tracking like continued education and training, once the data leaves the organization, it becomes far more difficult to know whether or not it is being handled according to your corporate standards. No matter who may hold your data in their hands, employing solutions that make use of secure data sharing practices like data tracking, access privilege control, multi-factor authentication, and end-to-end encryption will give you and your organization more power over your data anywhere and anytime.

Secure Data Sharing Can Prevent a Breach Before One Ever Occurs

Even after employing a solution that tracks your organization’s data to ensure your employees and partners are handling it with care, accidents can still happen. The reality of collaboration is that, beginning the moment your sensitive data leaves the organization, it becomes more susceptible to a breach.

While data tracking on its own may not be enough to stop a breach from happening, organizations can take advantage of it to better understand where, why, and how a breach occurred. Gaining such information can be instrumental in preventing more breaches from occurring in the future, particularly if the original breach was caused by human error.

Gaining information from a breach can help you to know where your data security strategy may have gone wrong, but the goal of expanding on data tracking by implementing more comprehensive data sharing solutions should be to prevent a costly data breach before one ever occurs. At HelpSystems, we firmly believe our secure data sharing solutions can do just that.

Secure Your Data Wherever It’s Shared with HelpSystems Data Security Solutions

Take your data sharing capabilities to the next level by pairing our GoAnywhere managed file transfer (MFT) solution with the power of Vera’s Digital Rights Management (DRM) to ensure your organization’s sensitive data remains secure wherever it goes. By pairing these solutions together, you can feel safe in the knowledge that your data’s security is not bound by the confines of your organization and, no matter where it is, you will have the highest level of visibility, security, and control at all times. For more information on this integration, read our datasheet.

Source: HelpSystems

19 Apr

Datto. What Is SaaS Protection (Software as a Service)? (Part 2)

Why the SaaS business model is a good fit for managed service providers

Leveraging SaaS services for your clients is a great way to scale your service offerings. Software as a Service solutions are normally delivered under a license subscription model, which fits the MSP service model well. The overall objective is to be able to quote your clients on a per-user, per-month basis.

SaaS tools present different risks to your clients’ data than traditional software. As a result, you can enhance your service offering further with security add-ons.

How to ensure SaaS security with a multi-layered security approach

As an MSP you can deliver security as a service as an add-on for SaaS products to ensure that your users are protected.

Shared data responsibility & SaaS backup

Most SaaS providers design their infrastructure with built-in redundancy and other high availability measures to ensure that they won’t lose your cloud data.

However, if you have deleted data or fallen victim to a cyberattack, the responsibility to restore that data may fall on your shoulders. Microsoft calls this the Shared Responsibility Model. As an MSP your credibility is on the line: you must protect your clients’ data no matter who is formally responsible for a data loss, because in your clients’ eyes you are solely responsible for it.

This is why Datto developed SaaS Protection, so you can take full control of protecting data stored within Microsoft 365 and Google Workspace.

Learn more about how Datto SaaS Protection is your first line of defense against cloud data loss.

Login controls/authentication

One of the major benefits of SaaS apps is that your data is available anywhere. However, this also exposes your data to social engineering attacks that attempt to obtain your login credentials.

There are a few ways to mitigate this threat. One is to train end users and your own employees on what to look for in social engineering attacks, such as phishing emails. Another is to enable 2FA (two-factor authentication) on all SaaS applications, preferably with a phishing-resistant factor; more and more businesses are making this a requirement for access as attack vectors grow and risks to data increase.

Learn more about 2FA here

Be cautious of SaaS integrations

On the surface, data integration and streamlining the flow of data across business applications seem like obvious steps. However, as you improve data flow you may also be easing access for attackers: every integration is another credential, token or permission grant that can be abused.

It’s essential to always test and verify every application that you integrate, including the permissions it requests, to ensure that you’re not increasing exposure to threats.

Advanced Threat Protection for SaaS platforms

Another great way to protect users is with an advanced threat protection (ATP) solution such as Datto SaaS Defense. ATP solutions are designed to stop attacks and malicious emails before users even have a chance to interact with them.

Protecting SaaS data with Datto SaaS Protection and SaaS Defense

With Datto SaaS Defense, MSPs can proactively defend against malware, business email compromise (BEC), and phishing attacks that target Microsoft Exchange, OneDrive, SharePoint, and Teams. With Datto SaaS Protection working alongside SaaS Defense, you are able to back up, protect and recover SaaS data whenever necessary.

Source: Datto

15 Apr

Times are changing—employees are working from home, using more devices, and moving more data around than ever before. Organizations are recognizing that helping their employees to work and collaborate faster and more efficiently is key to surviving in an ever-changing and increasingly competitive market. While for some organizations, this may simply mean adding a new application to their ecosystem to streamline workflows, for others, it means undergoing a complete digital transformation. But what does this mean and how can organizations begin their digital transformation today?

What is Digital Transformation?

According to Gartner, digital transformation—or more specifically digital business transformation—is the process of exploiting digital technologies and supporting capabilities to create a robust, new digital business model. The common objectives of digital transformation are to accommodate a growing and/or changing workforce, improve scalability to increase the speed and efficiency of employees’ work and collaborative efforts, streamline workflows, meet ever-growing customer and market demands, and ultimately, to grow profits.

For small and large organizations alike, digital transformation is increasingly becoming much less of an “if” question and much more of a “when” question. They’re finding that by shifting to modern business models via new technologies and capabilities, their employees, customers, and future business outlooks all benefit in a big way. Consequently, organizations are often motivated to initiate and follow through with a digital transformation as quickly as possible. The ongoing COVID-19 pandemic, which has undeniably shifted how (and where) businesses and their employees operate, has only intensified this motivation.

Unfortunately for many organizations, though, they’ve quickly found there is no one-size-fits-all solution for digital transformation; and, oftentimes, digital transformation can look far different for your organization compared to that of your closest competitors. In a 2020 study that surveyed 895 companies that had undergone digital transformation, Boston Consulting Group found that a staggering 70% of organizations did not reach their target with their efforts, including 26% of total respondents that failed to deliver outright and produced “no sustainable change.” In contrast, only 30% of surveyed organizations achieved or exceeded their digital transformation goals, resulting in sustainable change.

This begs the question: “why does digital transformation fail so frequently, and how can I prevent this within my organization?” To answer this question, however, one must first understand how organizations are now commonly accelerating their digital transformation through cloud technologies.

Why Are Organizations Turning to the Cloud for Their Digital Transformation?

More and more, organizations are integrating cloud solutions into their daily operations and future business plans. The cloud infrastructure market is growing so quickly, in fact, that it made approximately $49 billion more in 2021 compared to the year before, according to Synergy Research Group. By adopting a cloud ecosystem, these organizations are making workplace collaboration faster and more efficient, streamlining workflows, and eliminating the need to purchase hardware and software. Furthermore, the cloud is flexible and scalable enough to evolve with your organization while simultaneously cutting maintenance costs for your IT department, giving them more financial space to work on innovation instead.

Particularly in the wake of the COVID-19 pandemic, and the resulting spike in remote work, the benefits of implementing cloud technologies within your organization are only becoming more apparent. Whether your organization plans to use public cloud services, a private cloud, or a hybrid cloud to consolidate the advantages of both, the flexibility and growth potential a cloud ecosystem can provide for your organization should make its implementation a relatively easy decision. With that in mind, though, rushing to make your organization’s cloud open and collaborative too quickly can lead to more problems than solutions.

Establishing Cloud Security Will Help Your Digital Transformation Succeed

While switching to cloud computing can undoubtedly be a big step in the right direction in your organization’s digital transformation efforts, one thing should be understood: cloud adoption is not always successful, and inadequate security is often the culprit behind its failure. The 2021 Thales Global Cloud Security Study found that approximately 40% of organizations experienced a cloud-based data breach this past year and a whopping 83% of organizations failed to encrypt at least half of their data being stored in the cloud.

Cloud adoption can certainly also cut costs for organizations when used safely and appropriately, but data breaches can become a big contributor to some of the hidden costs of cloud computing. Not only can these breaches lead to the loss of customers and revenue, but they can also lead to hefty fines as a result of data compliance violations, and potentially even larger settlement costs that will go toward those affected by the breaches.

What often fools organizations into treating cloud security as an afterthought is that the main cloud providers and hosted platforms, like AWS, Microsoft Azure, Google Cloud, and Elastic Cloud, already embed security in their infrastructure. Because every organization uses its cloud resources differently, though, misconfigurations by the customer rather than the provider are often the cause of data breaches: a storage bucket left world-readable, or an identity granted far more permission than its task needs. Depending on which cloud model a given organization uses, a single breach can cost it an average of anywhere from $3.61 million to $4.8 million, according to the 2021 IBM Cost of a Data Breach Report.

Thankfully for these organizations, just as cloud services can be outsourced, the same can be said for cloud security. They can begin to simplify and feel more confident in their cloud security by using automated tools to keep security settings in check and take human error out of the equation. Having adequate visibility into your organization’s cloud ecosystem from the ground up is just as important. Establishing a comprehensive corporate data security policy and then implementing layered data security solutions that follow those policies can serve to heighten your visibility while reducing the burden on your internal security teams.
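The kind of automated settings check the paragraph above describes, as an added example that is not from the HelpSystems article: a function that scans a storage bucket policy for Allow statements open to any principal, shown against a weak policy and its corrected counterpart. Both policy documents are constructed samples in the AWS S3 bucket-policy JSON format; the bucket name, account ID, and role name are made up for the example.

```python
"""
Flag the classic customer-side cloud misconfiguration: a bucket policy that
grants access to everyone. Added example, not from the HelpSystems article.
The two policies below are constructed samples in the real AWS IAM/S3 policy
JSON format; bucket, account and role names are invented.
"""
import json

# Constructed sample: the weak setting (anyone on the internet can read every object)
PUBLIC_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicRead",
        "Effect": "Allow",
        "Principal": "*",
        "Action": ["s3:GetObject"],
        "Resource": "arn:aws:s3:::example-backups/*",
    }],
})

# Constructed sample: the corrected setting (one role in the account, TLS enforced)
RESTRICTED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "BackupRoleReadWrite",
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::123456789012:role/backup-writer"},
            "Action": ["s3:GetObject", "s3:PutObject"],
            "Resource": "arn:aws:s3:::example-backups/*",
        },
        {
            "Sid": "DenyInsecureTransport",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": ["arn:aws:s3:::example-backups", "arn:aws:s3:::example-backups/*"],
            "Condition": {"Bool": {"aws:SecureTransport": "false"}},
        },
    ],
})


def _is_wildcard_principal(principal) -> bool:
    """True if the statement applies to anyone: '*' or {'AWS': '*'} (string or list)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        aws = [aws] if isinstance(aws, str) else aws
        return "*" in aws
    return False


def find_public_statements(policy_json: str) -> list:
    """Return the Sids of Allow statements open to any principal with no Condition."""
    policy = json.loads(policy_json)
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be written without a list
        statements = [statements]
    findings = []
    for index, statement in enumerate(statements):
        if statement.get("Effect") != "Allow":
            continue  # a Deny aimed at '*' is a guardrail, not an exposure
        if not _is_wildcard_principal(statement.get("Principal")):
            continue
        if statement.get("Condition"):
            continue  # conditioned wildcard grants need a human review, not a blanket flag
        findings.append(statement.get("Sid", f"statement[{index}]"))
    return findings


def is_public(policy_json: str) -> bool:
    """Convenience wrapper for a pass/fail gate in a deployment pipeline."""
    return bool(find_public_statements(policy_json))


if __name__ == "__main__":
    for name, document in (("PUBLIC_POLICY", PUBLIC_POLICY), ("RESTRICTED_POLICY", RESTRICTED_POLICY)):
        print(name, "->", find_public_statements(document) or "no public Allow statements")
```

A check like this belongs in the pipeline that applies the policy, so the weak setting is rejected before it reaches the account. Wildcard grants that carry a Condition are deliberately left for manual review here, since a condition such as a VPC endpoint restriction can make them legitimate while a weak one leaves them effectively public.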

Take Your Cloud Security to the Next Level with HelpSystems Data Security Solutions

Regardless of whether your organization plans to implement a public, private, on-premise, or hybrid cloud model to advance its digital transformation, HelpSystems has several solutions available to help address your most critical cloud security concerns. Read our Data Security Use Cases Guide to see how we solve common problems, and when you’re ready, talk with one of our experts to begin building your cloud security strategy.

Source: HelpSystems

13 Apr

[vc_row][vc_column][vc_custom_heading heading_semantic=”h1″ text_size=”h1″ text_weight=”300″ text_color=”color-210407″]Datto. What Is SaaS Defense (Software as a Service)? (Part 1)[/vc_custom_heading][vc_column_text]SaaS stands for “Software as a Service” and is a cloud-based IT service. It is an on-demand software that can be accessed by the user via an internet connection. Saas is one of the most popular ways to provide business software to consumers thanks to its many benefits, including scalability, low cost, and ease-of-use.

As businesses have shifted from office-based to remote work, leveraging SaaS platforms has been key to keeping businesses running. However, with this increase in remote workers comes an increase in security risks due to the lack of secure infrastructure of a corporate office. To help managed service providers (MSPs) protect remote workers from potential cloud data loss, we have compiled this useful guide.

Read on for a deep dive into SaaS and how you can protect yourself from potential security threats.

SaaS vs traditional software

SaaS is a software distribution model where the software and its data are centrally hosted. This model offers benefits to customers by providing a more stable environment and making it easier for them to maintain their software.

Traditional software is typically installed on a customer’s own computers and managed by that customer. It provides more control over the environment, but it also means that the customer has to install updates, manage backups, and install new hardware if necessary.

Common examples of SaaS companies

There are thousands of SaaS software vendors to choose from, but the more popular ones include:

  • Google Workspace
  • Microsoft 365
  • Salesforce
  • Dropbox
  • Slack
  • Hubspot

These companies are leading examples within the SaaS industry and have come to define the framework of successful Software as a Service companies. However, it’s always worth investigating who has liability for what when it comes to choosing a SaaS Vendor. We put together a few top tips from Managed Service Providers on what to look for.

Types of SaaS solutions

  • Accounting Software
  • Billing and Invoicing Software
  • Collaboration
  • Customer Relationship Management (CRM) Software
  • Email Marketing Software
  • Enterprise Resource Planning (ERP) Software
  • HR
  • Marketing Automation
  • Project Management Software
  • And more

SaaS tools are primarily involved in key business functions and often contain sensitive data. As a result, they are also prime targets for cyber attacks and hackers.

Discover how to protect your business data with Datto SaaS Protection.

What to look for in a business SaaS solution

When it comes to looking for the right SaaS technology to protect your clients’ data it’s essential to make sure it fits your purpose. Here are five key elements to look out for:

1. Liability

Know who is liable for what SaaS providers ensure they won’t lose your customers’ cloud data with built-in redundancy and other high availability measures. However, they do not take responsibility for restoring data if your customers were to lose it. Microsoft calls this the Shared Responsibility Model for data protection.

2. Comprehensive protection

Some SaaS backup solutions only protect email, files, and folders. However, there are solutions available today that offer more comprehensive coverage. When selecting a backup product, look for solutions that offer protection for things like contacts, shared drives, collaboration and chat tools, and calendars. SaaS protection solutions that offer this type of coverage are far more effective at maintaining business continuity than less robust offerings.

Learn more about comprehensive SaaS Protection

3. RPO/RTO

Recovery point objective (RPO) and recovery time objective (RTO) are also critical considerations. These metrics refer to the point in time you can restore to and how fast you can perform a restore, respectively. When it comes to backup these are largely dictated by the frequency of backups and what specifically is being protected.

Solutions that offer frequent backups address RPO since they enable you to restore to a recent point in time, minimizing data loss. As noted above, these make restores faster and easier by reducing the amount of manual effort to perform restores. Plus, they enable users to access data in the event of an outage.

4. Security/Compliance

Many MSPs serve clients in verticals with significant security and compliance requirements. So, choosing a SaaS protection solution that can address these needs is essential. Look for products that back up data in compliance with Service Organization Control (SOC 1/ SSAE 16 and SOC 2 Type II) reporting standards that can meet clients’ HIPAA and GDPR compliance needs.

Solutions that enable automated retention management to meet compliance standards can reduce the need for manual intervention. This streamlines management and ensures that client data is stored for the right length of time.

5. MSP business growth

No discussion of product evaluation for MSPs is complete without considering profitability. Look for products that have the features and functionality you need at a price point that allows you to build margins on your services. Consider products that offer pricing benefits for MSPs such as sales-based discounting and flexible “pay for what you use” licensing.

As noted above, products that increase efficiency can also grow margin and increase revenue, since they require less manual intervention. You may also want to bundle SaaS protection on top of SaaS services that you already deliver — this has proven effective for some MSPs. This isn’t necessarily part of the product evaluation process, but it’s worth noting when discussing business growth.

To get more top tips on what to look for in a business SaaS protection solution, download our ebook.

https://www.youtube.com/watch?v=ZR1PJiSbzCg

11

Apr

There is a maxim in the business continuity market that says that a backup on its own is worthless, but restoring a backup successfully is priceless. Too many organizations have suffered from backups that either failed to restore—or restore correctly—or that were already compromised. Failed backups are of no value from a business continuity perspective. 

However, backups that restore correctly, are clean of all malware, and were encrypted so that the IT security team knows they were not compromised after the backup was created, are considered the best scenario for IT managers.

According to Sophos’ The State of Ransomware 2021 report, 37% of respondents said they were hit by ransomware. While 96% of those who paid the ransom said they got their data back, on average only 65% of the encrypted data was restored. These statistics underscore how essential it is to not only have secure backups, but also protected backups stored in more than one physical location that are directly connected to the network.

Types of backups  

There are five types of backups: 

  1. Full File-based backup: A full backup is the simplest form of backup; it contains all the folders and files you selected to be backed up. It is called a file-based backup because it backs up only visible files, not hidden or system files.
  2. Incremental Backup: This backup includes only files that have changed since the previous backup. When restoring from incremental backups, you must restore each incremental backup in the order in which it was created, starting with the full backup.
  3. Differential Backup: Differential backups include only data that was added or changed since the most recent full backup. When restoring using this method, you need only restore the initial full backup and the most recent differential backup.
  4. Image Backups: An image backup includes everything on the disk, including any hidden or system files. You can use incremental or differential images to supplement your full image backup.
  5. Copy Jobs: These are individual files or folders copied from one location to another.

Recommendations on effective backup restores

Since restoring the backup really is the ultimate goal, it is important to focus on what makes for successful backup-and-restore policies and procedures.  Here are some recommendations that you might find helpful. 

  • Scan and validate: Scanning a drive for malware and other potential compromises prior to backing it up helps to reduce the possibility of restoring a problem should the drive in question become compromised. Once a backup is created, that backup immediately should be rescanned to validate the backup was successful and can be restored. This significantly reduces the future potential of having an invalid or corrupted backup. This should be done with master backups (full file backup or image backup) and any incremental or differential backups. 
  • Multiple copies: It is a best practice to have multiple copies of each backup — one easily accessible and one off-site in the cloud. For highly sensitive data or mission-critical intellectual property, you might consider a physical copy stored in a vault. Multiple copies provide additional security should your primary backup site become damaged or compromised. If you store physical copies offsite, make sure each physical disk is clearly identified with a date of creation and description of what is on the disk. 
  • Encrypted backups: A best practice is to encrypt all backups.  
  • Write-protected backups: Some security professionals use an application that not only encrypts the data, but also locks the backup so it cannot be decrypted, mounted and then modified. While some IT security pros prefer to be able to rescan a backup periodically or install security patches into a backup, others prefer to keep backups pristine and apply patches only if the backup needs to be restored. 
  • Test your backups: Even if you are not required to restore a backup due to a failure, it is a good practice to periodically restore a backup to a test machine. This practice enables the security team to test restoration policies and procedures periodically. Should software change or new staffers be added, such tabletop exercises help ensure the staff’s expertise.
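The "scan and validate" and "test your backups" recommendations above both come down to one check: can you prove that what you restored is exactly what you backed up? The following is an added example (not Sophos code) of one way to do that: hash every file when the backup is taken, seal the listing with an HMAC so the manifest itself cannot be silently edited, and compare a restore on a test machine against it. The HMAC key shown is a constructed placeholder; in practice it belongs in a secret store, never next to the backup.

```python
"""Backup integrity manifest: hash every file when the backup is taken, seal
the manifest with an HMAC, and check a restored copy against it.

Added example, not Sophos code. The key below is a constructed placeholder
that must live in a secret store in real use, never next to the backup.
"""
import hashlib
import hmac
import json
import shutil
import tempfile
from pathlib import Path

MANIFEST_KEY = b"placeholder-key-from-secret-store"   # constructed placeholder


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def _relpaths(root: Path) -> dict:
    """Map of POSIX-style relative path -> absolute path for every file under root."""
    return {p.relative_to(root).as_posix(): p for p in root.rglob("*") if p.is_file()}


def build_manifest(root: Path, key: bytes = MANIFEST_KEY) -> dict:
    """Record a digest per file plus an HMAC over the whole listing."""
    files = {rel: sha256_file(p) for rel, p in sorted(_relpaths(root).items())}
    body = json.dumps(files, sort_keys=True).encode()
    return {"files": files, "mac": hmac.new(key, body, "sha256").hexdigest()}


def verify_restore(root: Path, manifest: dict, key: bytes = MANIFEST_KEY) -> list:
    """Return a list of problems; an empty list means the restore matches."""
    body = json.dumps(manifest["files"], sort_keys=True).encode()
    expected_mac = hmac.new(key, body, "sha256").hexdigest()
    if not hmac.compare_digest(expected_mac, manifest["mac"]):
        return ["manifest MAC mismatch: manifest altered or wrong key"]
    present = _relpaths(root)
    problems = []
    for rel, digest in manifest["files"].items():
        if rel not in present:
            problems.append(f"missing: {rel}")
        elif sha256_file(present[rel]) != digest:
            problems.append(f"modified: {rel}")
    for rel in sorted(set(present) - set(manifest["files"])):
        problems.append(f"unexpected: {rel}")   # a file the backup never contained
    return problems


def demo() -> dict:
    """Build a constructed backup, then check a clean restore, a tampered
    restore and a forged manifest. Returns the three problem lists."""
    work = Path(tempfile.mkdtemp())
    try:
        src = work / "backup"
        (src / "etc").mkdir(parents=True)
        (src / "etc" / "app.conf").write_text("listen=8443\n")        # constructed content
        (src / "notes.txt").write_text("constructed sample data\n")
        manifest = build_manifest(src)

        clean = work / "restore_clean"
        shutil.copytree(src, clean)
        tampered = work / "restore_tampered"
        shutil.copytree(src, tampered)
        (tampered / "etc" / "app.conf").write_text("listen=8443\nallow=*\n")  # simulated tampering
        (tampered / "dropper.bin").write_bytes(b"\x00")                      # file not in the backup

        # an attacker who edits the manifest without the key breaks the MAC
        forged = {"files": dict(manifest["files"]), "mac": manifest["mac"]}
        forged["files"]["dropper.bin"] = sha256_file(tampered / "dropper.bin")

        return {
            "clean": verify_restore(clean, manifest),
            "tampered": verify_restore(tampered, manifest),
            "forged_manifest": verify_restore(tampered, forged),
        }
    finally:
        shutil.rmtree(work)
```

Run the manifest build on the master backup and on each incremental or differential set, store the manifests with the off-site copies, and make `verify_restore` part of the periodic test-machine restore so the exercise produces a pass/fail record rather than a visual check.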

Best backup schedules 

One of the more popular backup strategies is called the Grandfather Father Son Backup. This consists of a “grandfather” backup that is done once a month, the “father” component being a full backup once a week, and the “son” backup being a daily incremental. There are variations of this approach with the father backup being a weekly differential backup. It also could include a variety of backups during the day, such as an hourly catch-up or a backup at any time after specific criteria is met, such as prior to a software installation or a reconfiguration of the network, or after a malware scan. 

As part of this backup strategy, the security staff might choose to do one backup at one time for a local site or cloud instance and a second time for the opposite local or cloud instance. The overhead will depend on various factors, including the backup software you select, whether you are backing up to the cloud or locally, the amount of data being backed up, and metrics that might be unique to your situation. 
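The restore rules in the backup-type list (replay every incremental in creation order, or only the latest differential) and the Grandfather Father Son schedule just described fit together in one planner. The following is an added example, not Sophos code; it assumes a concrete calendar convention (grandfather on the 1st of the month, father every Sunday, son on every other day) and works out which backup sets a restore to a given day needs under either son variant.

```python
"""Grandfather-Father-Son (GFS) schedule planner with restore-chain lookup.

Added example, not Sophos code. Assumed conventions: grandfather = full
backup on the 1st of the month, father = full backup every Sunday, son =
daily incremental (or daily differential in the variant). restore_chain()
applies the restore rules from the backup-type list.
"""
from datetime import date, timedelta

SON_MODES = ("incremental", "differential")


def backup_kind(day: date, son_mode: str = "incremental") -> str:
    """Classify one calendar day under the assumed GFS calendar."""
    if son_mode not in SON_MODES:
        raise ValueError(f"unknown son mode: {son_mode}")
    if day.day == 1:
        return "full-grandfather"
    if day.weekday() == 6:          # Sunday
        return "full-father"
    return son_mode


def schedule(start: date, days: int, son_mode: str = "incremental") -> list:
    """Ordered list of (day, kind) for `days` consecutive days from `start`."""
    return [(start + timedelta(days=i), backup_kind(start + timedelta(days=i), son_mode))
            for i in range(days)]


def restore_chain(sched: list, target: date) -> list:
    """Backups that must be applied, in order, to recover the state as of `target`."""
    upto = [(d, k) for d, k in sched if d <= target]
    fulls = [i for i, (_, k) in enumerate(upto) if k.startswith("full")]
    if not fulls:
        raise ValueError("no full backup on or before the target date")
    base = upto[fulls[-1]]
    sons = upto[fulls[-1] + 1:]
    if not sons:
        return [base]                   # target day is itself a full backup
    if sons[-1][1] == "incremental":
        return [base] + sons            # every incremental since the full, oldest first
    return [base, sons[-1]]             # full plus only the most recent differential


if __name__ == "__main__":
    april = schedule(date(2022, 4, 1), 30)          # constructed example month
    for d, k in restore_chain(april, date(2022, 4, 8)):
        print(d, k)
```

The trade-off the text describes is visible in the chain lengths: with incremental sons a Friday restore needs the Sunday full plus five incrementals, each of which must be present and intact, whereas with differential sons it needs two sets but every daily backup is larger.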

Learn more

Sophos offers two products that help protect your backups. Sophos Workload Protection secures backups in the cloud and on premises. Sophos Cloud Optix monitors Amazon Web Services (AWS), Microsoft Azure and Google Cloud Platform (GCP) accounts for cloud storage services without backup schedules enabled and provides guided remediation.

Source: Sophos

8

Apr

3 Data Centric Security Strategies for 2022

Despite massive growth in data security spending, the number of data breaches is increasing. With constant changes in how and where work is done—thanks in part to growth in both cloud computing and mobile device usage—the threats are changing, too. And so are the strategies taken to mitigate those threats.

It’s time to consider whether the safeguards and plans your organization has in place are enough.

Today’s Cybersecurity Threats and Responses

Today’s biggest threats rely on gaps in your data security and knowledge. For example, phishing, an established threat that’s only been growing, hinges on the hope that people don’t know how to successfully identify a fraudulent email. On the other hand, ransomware lies in wait for access to sensitive systems and data that aren’t adequately protected.

To stay ahead of these attacks, organizations must stay committed to engaging and educating employees on the growing ingenuity of hackers, as well as identifying security gaps in their systems and processes and discovering new safeguards they can implement.

“2022 is the year that the C suite recognizes that they are getting further and further behind on their security projects.” – Tom Huntington, Executive Vice President of Technical Solutions at HelpSystems

For your organization, responding to today’s hazards could be as easy as implementing multi-factor authentication for your internal systems, or as involved as a total top-down rebuilding of your data security strategy. Whichever the case, take a step back, identify your vulnerabilities, and start making plans to update your data security strategy for the upcoming year.

What is a Defense in Depth Strategy?

Defense in depth (DiD) is a security approach that employs multiple safeguards to protect against cybersecurity threats and breaches. While the defense in depth strategy is based on similar military strategies that rely on multiple layers of security to slow down an attack, it strengthens the approach by attempting to thwart the attack entirely. “The motto, ‘prevent first, detect always,’ must be adopted as a core preset for secure security operations programs. Remember, the goal of security is not to stop a hack. The goal is to prevent, detect, and respond to a threat actor before they successfully achieve their goal,” says Joe Vest, Tech Director for Cobalt Strike by HelpSystems.

It’s important to be both on the offensive and the defensive, which can be achieved via methods to test for cracks, prevent access, and, in the worst-case scenario, detect it. IBM notes that “organizations struggle with slow detection and response times, while threat actors are rapidly gaining speed and moving to the cloud.” This is where a defense in depth strategy can help: with multiple stopgaps in place, it’s easier to impede an attack and identify it before any data is lost.

A defense in depth strategy can be broken down into three distinct areas:

  1. Physical: Think of your favorite heist film: what physical barriers are between your data and the outside world? These can include walls, retina scanners, locks, security cameras, or—if it’s Hollywood—laser beams would-be robbers can limbo through.
  2. Technical: Any hardware or software that’s in place to prevent and monitor access to your data centers or data itself. Returning to the Hollywood example, if you can imagine a hacker pressing random keys to break into a system, that’s the technical barrier.
  3. Administrative: The procedure side of the defense strategy. This is the security policy that your CISO spent months planning out, onboarding and offboarding access rules, data handling and sharing policies, and anything else that may inform what physical and technical barriers you need to put in place.

The redundancies within the defense in depth strategy provide a more robust barricade to potential hackers and, thanks to multiple layers addressing the same weaknesses, cover gaps that might otherwise be missed.

What is a Data Centric Security Strategy?

A data centric security strategy is a plan to focus on protecting an organization’s data. This includes any technology, processes, and policies that govern how data is collected, used, and stored throughout the data’s lifecycle. Rather than the traditional infrastructure-focused approach, which leans more heavily on protecting on-premises and cloud-based hardware and software from everything from cyber threats to physical breaches to natural disasters, a data centric approach takes a closer interest in the data contained in those environments.

Alongside the many data compliance requirements rolled out in recent years, consumer opinion has also been changing. Today, 63 percent of consumers rank an organization’s data collection and storage practice as the most important element to consider when sharing sensitive information.

Industry research and best practices indicate that there are four key gaps in data security architecture that put your data at risk. These are:

  1. Behavior: Will people follow processes properly, or will they take shortcuts that could put your data at risk?
  2. Visibility: Do you understand the data that you are sending and storing, and are only the appropriate people accessing it? Can you see who accesses it?
  3. Control: Can you limit who accesses data, or what data is shared and sent?
  4. Response Time: Does your organization as a whole—from your employees, to your procedures, to your infrastructure—have the flexibility to implement and understand changes in technology or processes?

Data centric security solutions offer businesses the ability to guarantee file-level security—to secure, track, and share any kind of data, no matter where it’s stored or located, or how it travels with robust policy enforcement, strong encryption, and strict access controls.

What is a Data and Risk Management Strategy?

One of the broader security strategies, data and risk management covers a wide range of steps organizations follow to protect data. You can start moving towards a data risk management strategy by doing the following:

  1. Assess your risk factors: What gaps do you currently have? What would a breach mean for you?
  2. Plan for attack: What will you do if an attack occurs? Do you have a mitigation and response plan in place?
  3. Educate your employees: Can your employees, especially the C-Suite, who tend to be the most targeted, identify a phishing attempt? Do they know the best practices for file sharing or network access?
  4. Understand your data: What data do you have on hand, who has access, and when do you get rid of it?
  5. Use a data security solution: Do you have software solutions in place, and do they give you the visibility you need to be proactive?

Among the barriers to successfully safeguarding data is discovering where sensitive data resides within an organization, according to The 2021 Global Encryption Trends Study, a survey conducted by the Ponemon Institute. Understanding what data you have on hand and where it’s stored is an essential step in any data-focused security strategy—you don’t want to have inconsequential information under lock and key, but sensitive, business-critical data out in the open.

More organizations are starting to use data classification systems to properly classify data’s sensitivity and create access controls. And, to keep that data internal, data loss prevention and content inspection solutions are often layered for added security.
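Classification and content inspection are concrete mechanisms, so here is an added example (not HelpSystems code) of the smallest useful version: inspect a document's content for a few sensitive-data patterns, assign the highest label that triggers, and let a policy table decide whether the file may leave the organization and whether it must be encrypted at rest. The patterns, labels and policy are constructed for illustration, and every sensitive-looking value in the sample texts is fabricated.

```python
"""Content-inspection classifier feeding a data-centric sharing policy.

Added example, not HelpSystems code. Patterns, labels and the policy table
are constructed for illustration; sample values are fabricated.
"""
import re

SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")
# 13 to 16 digits, optionally separated by single spaces or dashes
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,15}\b")
MARKING_RE = re.compile(r"\b(confidential|internal only)\b", re.IGNORECASE)

# label -> handling rules (constructed policy)
POLICY = {
    "public":       {"share_external": True,  "encrypt_at_rest": False},
    "confidential": {"share_external": False, "encrypt_at_rest": True},
    "restricted":   {"share_external": False, "encrypt_at_rest": True},
}


def luhn_ok(candidate: str) -> bool:
    """Luhn checksum: weeds random digit runs out of card-number matches."""
    digits = [int(c) for c in candidate if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def classify(text: str) -> str:
    """Highest sensitivity label triggered by the content."""
    if SSN_RE.search(text):
        return "restricted"
    if any(luhn_ok(m.group()) for m in CARD_RE.finditer(text)):
        return "restricted"
    if MARKING_RE.search(text):
        return "confidential"
    return "public"


def decide(text: str, destination: str) -> dict:
    """Policy decision for sending `text` to 'internal' or 'external'."""
    label = classify(text)
    rule = POLICY[label]
    allowed = destination == "internal" or rule["share_external"]
    return {"label": label, "allowed": allowed, "encrypt_at_rest": rule["encrypt_at_rest"]}
```

The Luhn check is the part worth copying: without it a pattern for card numbers fires on phone numbers, order IDs and log timestamps, and a classifier that cries wolf gets switched off.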

How MFT Fits into Your Data Security Strategy

Managed file transfer (MFT) is a key player for protecting your data. MFT software solutions are centralized secure file transfer tools that solve key data transfer issues. These include human error during manual transfers, improved security with industry-standard encryption, and auditing, tracking, and auto-resume for failed transfers, so you know where your data is, who has access to it, and whether or not it’s arrived as expected.

Source: HelpSystems

5

Apr

Many IT organizations use shared accounts for privileged users, administrators, services, or applications so that they can have the access they need to perform an activity. Account sharing often entails use of the same account credentials to authenticate multiple users. Without proper management controls in place, the practice of account sharing presents significant security and compliance risks from intentional, accidental, or indirect misuse of shared privileges.

Even for the savviest IT teams, the task of managing shared accounts introduces complexities and risks:

  • Embedded and hardcoded passwords present opportunities for misuse by both insiders and external attackers on the network.
  • Passwords for application-to-application and application-to-database access are often left out of management strategies.
  • Static passwords can easily leave the organization, and manual password rotation tends to be unreliable.
  • Auditing and reporting on privileged access is complex and time consuming, since it is difficult, or impossible, to attribute any of the session activities of a shared account back to a single identity.

5 Best Practices: Gaining Accountability over Shared Accounts

Recent breaches exploiting privileged credentials have underscored the imperative to improve control and accountability over access to shared accounts. So, how do organizations ensure accountability of shared privileged accounts to meet compliance and security requirements without impacting administrator productivity? Consider these five best practices:

1. Deploy a single, hardened, appliance-based enterprise password management solution with broad platform support and functionality

Ensure your solution provider deploys their privileged password and session management solution in a single hardened or virtual appliance that features broad support of operating systems, databases, applications, devices, and directories. Remember, it’s more than just user passwords. Consider the complexity and risk of managing privileged passwords for service accounts, between applications (A2A), and to databases (A2DB). Everything your solution provider does should be about reducing the interfaces and administration required.

2. Discover and profile to give greater control

Leverage a distributed network discovery engine to scan, identify, and profile all users and services – and then automatically bring the systems and accounts under management. Discovering and profiling all known and unknown assets, shared accounts, user accounts, and service accounts, and then placing them under intelligent rules gives greater control and significantly improved consistency of policy enforcement.

3. Monitor and manage sessions, with full playback

Your solution should record privileged sessions in real-time via a proxy session monitoring service for SSH and RDP without revealing the password. DVR-style playback provides detailed auditing of shared account access, helping to meet password protection and audit regulations for compliance mandates listed in SOX, HIPAA, GLBA, PCI DSS, FDCC, FISMA, and others.

The solution should also be able to identify suspicious sessions in real-time and initiate a workflow to pause or terminate them.
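The accountability problem described at the start of this article (no way to tie a shared account's session activity to one identity) is solved by joining two records: the vault's checkout ledger, which names the person, and the session recording, which names only the shared account. The following is an added example, not BeyondTrust code, that does that join and flags every session the ledger cannot explain; the ledger entries and log lines are constructed.

```python
"""Attributing shared-account sessions to named individuals.

Added example, not BeyondTrust code. A checkout ledger (what a password
vault records when a person checks out a shared credential) is joined with
a session log that names only the shared account. Events outside any
checkout window are flagged for investigation. All records are constructed.
"""
from datetime import datetime

# (person, shared account, host, checkout start, checkout end)
CHECKOUTS = [
    ("alice", "root", "db01", "2022-04-05T09:00:00", "2022-04-05T10:00:00"),
    ("bob",   "root", "db01", "2022-04-05T14:00:00", "2022-04-05T14:30:00"),
]

# time host account action  (constructed session-recorder lines)
SESSION_LOG = [
    "2022-04-05T09:12:41 db01 root login src=10.1.2.3",
    "2022-04-05T09:15:02 db01 root cmd=systemctl restart postgresql",
    "2022-04-05T14:05:10 db01 root cmd=pg_dump customers",
    "2022-04-05T18:40:00 db01 root login src=10.9.9.9",
]


def parse_event(line: str) -> dict:
    stamp, host, account, action = line.split(" ", 3)
    return {"time": datetime.fromisoformat(stamp), "host": host,
            "account": account, "action": action}


def holders_at(event: dict, checkouts: list) -> list:
    """People whose checkout of this account on this host covers the event time."""
    return [person for person, acct, host, start, end in checkouts
            if acct == event["account"] and host == event["host"]
            and datetime.fromisoformat(start) <= event["time"] <= datetime.fromisoformat(end)]


def attribute(lines: list = SESSION_LOG, checkouts: list = CHECKOUTS) -> list:
    """Each event with a 'person' (or None) and a 'flag' explaining any failure."""
    out = []
    for line in lines:
        ev = parse_event(line)
        who = holders_at(ev, checkouts)
        if len(who) == 1:
            ev.update(person=who[0], flag=None)
        elif who:   # two people held the same credential at once: the vault should prevent this
            ev.update(person=None, flag="ambiguous: overlapping checkouts " + ",".join(who))
        else:
            ev.update(person=None, flag="unattributed: no checkout covers this session")
        out.append(ev)
    return out


def needs_review(lines: list = SESSION_LOG, checkouts: list = CHECKOUTS) -> list:
    """Events that cannot be tied to one person; these are the audit findings."""
    return [ev for ev in attribute(lines, checkouts) if ev["flag"]]
```

The unattributed login at 18:40 is the interesting output: either someone used the shared password outside the vault (a static password that "left the organization", as the bullet list above puts it) or the session recorder and the vault disagree. Both deserve a ticket, and automatic rotation after each checkout is what makes the first case impossible.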

4. Make it easy on yourself by using standard desktop tools

Driving a strong, consistent organizational security posture is a challenging effort. Introducing new workflows makes this effort even harder. Having to log in to a solution each time a user needs to access a system creates adoption and training challenges.

Solutions must support standard desktop tools such as PuTTY, RDP, SSH and Microsoft Terminal Services Client. This means you can leverage commonly used management tools so your users can smoothly work within their established workflows.

5. Gain greater insights through reporting and analytics

Look for a single pane-of-glass to collect, correlate, trend, and analyze key metrics. You need to understand key insights into:

  • Privileged accounts
  • Password age
  • SSH keys
  • Service accounts running with user accounts
  • User accounts with administrative rights on Windows/Mac and Unix/Linux
  • Remote Access Tools

These insights help you identify areas that require action before they become a security concern.

Solutions for Securing Shared Privileged Accounts

BeyondTrust Password Safe automates password and session management, providing secure access control, auditing, alerting and recording for any privileged account – from local or shared administrator to service to application accounts.

Team Passwords is a feature designed to securely store credentials owned by small groups within Password Safe, in a fully auditable, controlled environment. This feature delivers secure password practices to teams in the organization outside of traditional privileged admin user roles.

By improving the accountability and control over privileged access with Password Safe, IT organizations can reduce security risks and achieve compliance objectives.

Source: BeyondTrust

29

Mar

Remote access has been a component of the network since the days of acoustic, dial-up modems and the blazing fast speeds of 56 kbps. Well, perhaps not blazing fast. These modems eventually gave way to faster and more secure technologies, with virtual private networks (VPNs) hitting the market in the early 2000s. In today’s pandemic-dominated, work-from-home (WFH) environment, VPNs simply cannot cut it anymore, falling victim to security vulnerabilities, speed limitations and lack of scaling. Replacing VPNs for secure, high-performance remote access is Zero Trust Network Access (ZTNA). 

By requiring that every component of the transaction of accessing a network, its resources and applications, and its data are authenticated and authorized, ZTNA goes well beyond the Russian proverb: Trust but verify. Zero trust environments, which significantly reduce risk by constantly authenticating every user, device, application and transaction, are based on the mantra: Never trust; always verify.  

Essence of zero trust 

ZTNA is a fundamental component of the Secure Access Service Edge (SASE) security framework. It ensures that users and devices are who and what they claim to be and can be instrumental in protecting a network from ransomware attacks. While this article focuses on Sophos ZTNA for enhancing remote access beyond the popular VPN, a detailed explanation of how Sophos ZTNA can be used to fight ransomware can be found here 

“Zero trust is a way of thinking, not a specific technology or architecture,” wrote Gartner Distinguished VP Analyst Neil MacDonald in the research firm’s article New to Zero Trust Security? Start here. “It’s really about zero implicit trust, as that’s what we want to get rid of.” 

A better option for remote access  

The pandemic enticed cyber criminals to target remote workers, forcing organizations to rethink how they implement their zero-trust strategy. As more employees work from home, the corporate imperative for cybersecurity changes. Where once a handful of employees worked remotely, today entire companies are becoming virtual.  

Transitioning to a remote workforce changes the risk profile for the corporate network and endpoints, further stressing network security resources that might be underpowered for the massive relocation of staffers and creating a larger network surface for attackers. To address this fluid network security challenge, many companies with traditional, on-premises organizations and standard perimeter defenses from the early 2000s are turning to a zero-trust model to reduce the attack surface while concurrently ensuring that every user and device that logs in is fully authenticated. They are doing this, in part, by retiring their VPNs and substituting ZTNA. 

The differences between how VPNs and ZTNA approaches address security, scaling and bandwidth are noteworthy. VPNs provide basic network access. If a user has the proper credentials — often just a username and password — they get access to the entire corporate network and all that is attached to it, just as they would if they were sitting in the office at a network-attached workstation within the firewalls. 

ZTNA delivers strong defenses against potential bad actors by eliminating the implicit trust and lateral movement of VPNs. Additionally, VPNs tend to be slow and were not designed to operate in environments where most workers were off-site, away from the strong fortifications of network firewalls and the rest of the network security infrastructure. ZTNA offers a better alternative for remote access by providing superior security and threat protection, a more scalable management experience and a more transparent, frictionless experience for end-users.  

As workers move out of the friendly confines of the corporate network and work from home, they create millions of new, vulnerable endpoints, often outside the control of the corporate IT staff. These endpoints are ripe targets for attackers, since a large percentage of the endpoints might not have corporate-class security protections.  

Additionally, the large number of newly minted external users created a huge burden on the overburdened corporate VPNs. While VPNs have defined bandwidth parameters, ZTNA is flexible, scaling up to meet the greater network burden from WFH employees. 

Connecting via ZTNA gives a user access to a specific application on the corporate network, not universal access. The applications, users and devices are micro-segmented to limit the user’s ability to move through the network, a common ploy of cyberattackers and malware. Through the integration of device health, which automatically prevents compromised devices from accessing business resources, Sophos ZTNA takes full advantage of its unique integration with the full Sophos ecosystem, especially Sophos Intercept X endpoints.

The Sophos ZTNA difference 

Sophos ZTNA is a much more secure and easy-to-manage remote access approach that delivers a transparent, frictionless experience for end-users. Moving to a zero-trust model significantly reduces risk while protecting the network from potential attackers, including those who plan to deposit malware on a system or leave breadcrumbs for employees to find, leading them to compromised websites. Among its key capabilities are: 

  • It removes the need for VPN clients, reducing the attack surface and making it harder for adversaries to get on your network 
  • Ransomware actors commonly exploit weaknesses in VPN clients (vulnerabilities, misconfigurations) to get into their victims’ networks, but ZTNA removes that avenue by eliminating VPNs 
  • ZTNA constantly checks user and device security, delivering continuous high-level of controls and preventing attackers from exploiting a previously authenticated user’s access 
  • It makes it easy to apply granular access controls, enabling companies to easily restrict access to resources just to those who need it, further reducing the attack surface 
  • It is managed from the same Sophos Central console that customers use to manage their other Sophos products, and uses the same agent as the Sophos endpoint protection, reducing device overhead   
  • With the average cost of ransomware remediation now $1.85 million, small- and mid-sized organizations investing in secure remote access via a ZTNA approach is a cost-effective investment with a discernible return on investment 
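The difference between the two models is easiest to see as a decision function. The following is an added example, not Sophos code, that contrasts a VPN-style grant (one credential check, then the whole network) with a ZTNA-style grant (identity, device and entitlement checked for one application on every request, and re-checked as device health changes mid-session). Users, devices, applications and the entitlement table are constructed; the boolean device-health verdict stands in for the endpoint-agent signal the text describes.

```python
"""Per-request access decisions: VPN-style network grant versus ZTNA-style
application grant with device-health re-evaluation.

Added example, not Sophos code. Users, devices, applications and the
entitlement table are constructed.
"""
from dataclasses import dataclass


@dataclass
class User:
    name: str
    groups: set
    mfa_passed: bool


@dataclass
class Device:
    device_id: str
    managed: bool        # enrolled with the endpoint agent
    healthy: bool        # current health verdict from the agent


# application -> groups entitled to it (constructed)
ENTITLEMENTS = {
    "hr-portal": {"hr"},
    "git": {"engineering"},
    "rdp-db01": {"dba"},
}


def vpn_decision(password_ok: bool) -> str:
    """Legacy VPN: one credential check opens the whole network segment."""
    return "allow: network-wide" if password_ok else "deny"


def ztna_decision(user: User, device: Device, app: str) -> str:
    """Every request is checked against identity, device and entitlement,
    and the grant is scoped to a single application."""
    if app not in ENTITLEMENTS:
        return "deny: unknown application"
    if not user.mfa_passed:
        return "deny: MFA not satisfied"
    if not device.managed:
        return "deny: unmanaged device"
    if not device.healthy:
        return "deny: device health"
    if not user.groups & ENTITLEMENTS[app]:
        return "deny: not entitled"
    return f"allow: {app} only"


def continuous_check(user: User, device: Device, app: str, health_verdicts: list) -> list:
    """Re-run the decision as the agent's health verdict changes mid-session:
    a device that becomes unhealthy loses access without waiting for logout."""
    decisions = []
    for healthy in health_verdicts:
        device.healthy = healthy
        decisions.append(ztna_decision(user, device, app))
    return decisions
```

Note what the ZTNA function never returns: a grant that names the network rather than an application. That is the property that removes lateral movement from the equation, and the mid-session re-evaluation is what the "constantly checks user and device security" bullet above refers to.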

Sophos ZTNA delivers transparent, clientless access for web-based applications. Among the applications a ZTNA client protects are Remote Desktop Protocol (RDP); the Secure Shell Protocol (SSH); virtual network computing (VNC), a remote-control application; and other TCP/UDP-heavy applications. In fact, RDP is one of the problematic applications often used by malware to permit attackers access to infected networks. As such, many cyber insurance companies recommend that RDP access be removed entirely from corporate networks as a condition of obtaining cyber insurance. 

Learn more 

For more information, read about Sophos ZTNA here. We also provide a detailed explanation of how it offers cloud-delivered, cloud-managed management and how Sophos ZTNA is the only zero trust network access solution that is tightly integrated with Sophos Intercept X. 

Source: Sophos

28

Mar

The product team is pleased to announce the latest maintenance release update for SFOS with important customer and partner requested features, as well as important security, performance, and reliability fixes.

It is a critically important cybersecurity best practice to keep your firewall updated with the latest firmware.

SFOS v18.5 MR3 Highlight:

DHCP Boot Option Configurations – This new feature addresses an important customer and partner request to enable additional DHCP boot options for clients on the network such as VoIP phones or other types of devices that have unique DHCP requirements.

DHCP Boot Option Configurations

Additional Updates:

  • Support for kernel dump reporting to improve trouble shooting and root-cause-analysis in the event of an issue
  • Email protection anti-spam engine updated to Sophos Anti-Spam Interface
  • Several important security, performance and reliability enhancements including a fix for a recently disclosed OpenSSL DoS vulnerability

How to get it

As usual, this software update is no charge for all licensed Sophos Firewall devices and should be applied to all supported firewall devices as soon as possible.

It will be rolled out to all connected devices over the coming days. A notification will appear on your local device or Sophos Central management console when the update is available allowing you to schedule the update at your convenience. Otherwise, you can manually download the latest firmware from MySophos and update anytime.

Sophos Firewall OS v18.5 MR3 is a fully supported upgrade from v17.5 MR14 and later, v18 MR3 and later, and all previous versions of v18.5.

Are you Using Remote Access VPN on your Firewall?

If you’re using remote access VPN on your Sophos Firewall, you will want to know that we recently launched Sophos ZTNA which offers a much better solution for connecting remote workers. It offers better security in many ways (especially from Ransomware attacks), easier management, easier deployment, and a much more transparent end-user experience. Check it out.

Source: Sophos

23

Mar

When the OWASP Top 20 Vulnerabilities was first published, it revolutionized our industry’s approach to vulnerability management. Instead of playing whack-a-mole with thousands of individual vulnerabilities every time a new one was discovered, we approached vulnerability management by primarily addressing these Top 20 Techniques.

Still considered “advanced”, behavioral detection has just begun to hit the mainstream. But, as the incident response (IR) cases we support continually confirm, adoption is still lagging for 90% of the mid- and SMB market. It’s in no way controversial anymore to state that, in order to detect and stop modern attacks, organizations need to have behavioral monitoring capabilities, especially on the endpoint.

One problem is that we’ve been led to believe that if we adopt behavioral detection, we need to spend a lot to maximize coverage of all the various attacker behaviors. This is a disservice.

For most organizations (i.e., the ones that don’t have a full-time threat intel team), the aim of detection should be to stop focusing on individual, novel attack techniques and to concentrate defenses against the Top 20 most commonly observed ATT&CK techniques that are also practical to monitor. These are the ones that actually matter, and the ones that will catch more bad guys, more often.

The following list is consolidated from our own data and cross-referenced with various forensic reports on observed attacks over the last few years.

When it comes to these behaviors, common doesn’t mean commodity or “less advanced”; these are common because successful attackers use them to evade legacy protection/prevention. These are the techniques the advanced players are using, and they are in the hands of the commodity players through frameworks like Cobalt Strike.

Thus, making your detection capabilities robust against these 20 techniques will deliver more bang for your buck than any other approach, while saving you the time and money spent hunting “Bluebird” techniques and behaviors you’re more than likely never going to see in your own network.

Is Top 20 enough?

Yes!

We respond to a lot of attacks and have been doing threat hunting and response in organizations large and small for over a decade. In that time, there have been very few attacks that don’t exhibit behaviors that overlap with the above list of 20 that you could be monitoring for today.

When SolarWinds Solarigate a.k.a. SUNBURST hit in December 2020, everyone said this was novel; and the entry vector certainly was. Once you dug in, though, the same top 20 behaviors could be observed: the novel supply chain vulnerability was used to spawn malicious PowerShell (T1059), scripts (T1059), memory injections (T1055), lateral movement (T1544), and credential dumping (T1003).

When Hafnium hit Exchange Servers using the latest Exchange zero-days we saw the same things: new, novel entry vectors leading to many of the same top 20 common behaviors, like web shells (T1505) spawning PowerShell commands (T1059) and injecting Cobalt Strike into memory (T1055).

Everyone effectively monitoring for the top 20 attacker behaviors had the visibility to see these attacks unfold and my prediction is the next big vulnerability will be found by monitoring for them as well.
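The chains just described (web shell to PowerShell to injection to credential dumping) can be spotted by correlating per-host telemetry against the technique IDs named above. The following is an added example, not code from the article or from Datto; the event shape, image names, suspicious-flag list and allowlist it uses are constructed for illustration.

```python
"""Added example, not code from the Datto article: correlate constructed
endpoint telemetry against four of the commonly observed ATT&CK techniques
the article names (T1505 web shell, T1059 command and scripting interpreter,
T1055 process injection, T1003 credential dumping) and flag hosts on which
several of them chain together, as in the SolarWinds and Hafnium cases.
Event shapes, image names, allowlists and sample values are constructed."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    host: str
    kind: str        # "process" (creation), "remote_thread" (thread created in
                     # another process) or "process_access" (handle to a process)
    source: str      # parent image for "process"; acting image otherwise
    target: str      # child image for "process"; image acted upon otherwise
    cmdline: str = ""


WEB_WORKERS = {"w3wp.exe", "httpd.exe", "nginx.exe", "php-cgi.exe", "tomcat.exe"}
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
SCRIPT_HOSTS = SHELLS - {"cmd.exe"}
# Substrings that mark an encoded, hidden or policy-bypassing PowerShell launch.
SUSPICIOUS_FLAGS = ("-enc", "-encodedcommand", "-nop", "-w hidden", "bypass", "downloadstring")
# Constructed allowlist of system/security processes that legitimately touch others.
TRUSTED_ACTORS = {"csrss.exe", "wininit.exe", "services.exe", "msmpeng.exe", "lsass.exe"}


def classify(ev):
    """Return the set of ATT&CK technique IDs (as numbered in the article) one event matches."""
    src, tgt, cmd = ev.source.lower(), ev.target.lower(), ev.cmdline.lower()
    hits = set()
    if ev.kind == "process":
        if src in WEB_WORKERS and tgt in SHELLS:
            hits.add("T1505")                       # web shell: server worker spawns a shell
        if tgt in SCRIPT_HOSTS and (src in WEB_WORKERS | OFFICE_APPS
                                    or any(f in cmd for f in SUSPICIOUS_FLAGS)):
            hits.add("T1059")                       # scripting interpreter launched suspiciously
    elif ev.kind == "remote_thread" and src not in TRUSTED_ACTORS and src != tgt:
        hits.add("T1055")                           # thread injected into another process
    elif ev.kind == "process_access" and tgt == "lsass.exe" and src not in TRUSTED_ACTORS:
        hits.add("T1003")                           # handle to LSASS: credential dumping
    return hits


def technique_hits(events):
    """Map host -> {technique: [matching events]}; hosts with no hits are absent."""
    per_host = defaultdict(lambda: defaultdict(list))
    for ev in events:
        for tech in classify(ev):
            per_host[ev.host][tech].append(ev)
    return per_host


def flag_hosts(events, min_techniques=2):
    """Hosts on which at least `min_techniques` distinct top-20 behaviours appear."""
    return {host: sorted(techs)
            for host, techs in technique_hits(events).items()
            if len(techs) >= min_techniques}


# Constructed telemetry. web01 shows the Hafnium-style chain the article describes
# (web shell -> PowerShell -> injection -> credential dumping); ws07 shows a single
# macro-launched PowerShell; srv02 shows only normal activity.
SAMPLE_EVENTS = [
    Event("web01", "process", "w3wp.exe", "cmd.exe", 'cmd.exe /c "powershell -nop -w hidden -enc <base64 omitted>"'),
    Event("web01", "process", "cmd.exe", "powershell.exe", "powershell -nop -w hidden -enc <base64 omitted>"),
    Event("web01", "remote_thread", "powershell.exe", "explorer.exe"),
    Event("web01", "process_access", "powershell.exe", "lsass.exe"),
    Event("ws07", "process", "winword.exe", "powershell.exe", "powershell -File invoice.ps1"),
    Event("ws07", "process", "explorer.exe", "chrome.exe", "chrome.exe"),
    Event("ws07", "remote_thread", "csrss.exe", "chrome.exe"),
    Event("srv02", "process", "svchost.exe", "wuauclt.exe", "wuauclt.exe /detectnow"),
    Event("srv02", "process_access", "msmpeng.exe", "lsass.exe"),
]

if __name__ == "__main__":
    for host, techs in flag_hosts(SAMPLE_EVENTS).items():
        print(host, "->", ", ".join(techs))   # web01 -> T1003, T1055, T1059, T1505
```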

Conclusion

Ultimately, the Top 20 approach is an acknowledgment that you do not need to alert on or monitor every technique to detect attacks. Defense in depth still works: every tactic and technique you have visibility into is a detection opportunity in the attack chain, and the top 20 is broad enough to cover you against even some of the most advanced attackers. We are all strapped for resources; don’t chase the highest coverage, focus on the top 20. With these 20, there are exceedingly few attacks that could ever get past your notice.

Source: Datto

17

Mar

SEP sesam version Jaglion – the hybrid of jaguar and lion symbolises the combination of the best features that have been impressively implemented with the latest version of SEP sesam Hybrid Backup.

Jaglion includes even more diverse new features and adapts even better to the growing needs of changing IT environments.

Not only new agents, but also significantly improved features, variety, performance, data security and usability will make your life easier.

The SEP sesam backup and recovery software is so far unique in the EU. Especially the range of functions, the performance and the user friendliness stand out.

Our software was developed to be able to restore data extensively and with high reliability.

The use of Si3 NG inline deduplication also makes it possible to detect duplicate data fragments and thus optimise the recovery process. This is because duplicate documents are only recovered once. Previous recovery systems usually only restore all or selected data, which causes significant additional work.

SEP data recovery is more reliable and, thanks to the aforementioned data optimisation, faster than conventional systems. The use of the latest hardware and software technologies and the developed interfaces allow data recovery from different systems and increase performance, scalability and backup speed.

Furthermore, SEP sesam is easier to maintain than other systems, and its design makes it more reliable than they are. There is currently no comparable system on the market in the EU that provides such overall performance and delivers the technical data security required by the GDPR.

Simplification/ User-friendliness

  • Simple browser-based recovery of many databases & applications
  • Ensuring the completeness of the backup (forgetting is impossible): an extensive engine for rule-based automation of job creation for new VMs or DBs
  • For all hypervisors, simplify at a glance the backup of a large number of VMs and automate the process.
  • New GUI and WebUI options
  • Display of VMs in vCenter structure
  • OLVM: New task type for agentless snapshot-based backups of all virtual machines
  • New functions for EU GDPR compliance through simplified media management

Diversity

  • Nutanix AHV Support – 10th hypervisor
  • Fail-safe change tracking based on Resilient Change Tracking (RCT) for securing Hyper-V virtual machines
  • HPE Cloud Volumes – direct HPE backups and especially replications to the cloud
  • Enlargement/Update of the Support Matrix
  • Extended SEP sesam REST API V2
  • Support for Linux sparse files

Performance & Optimization

  • Improved performance, scaling and storage savings – Si3-NG Dedup
  • 20% – 40% faster recovery and migration through optimised tape processing
  • VFS (Sesam Virtual File System) performance improvements enable 100x faster access to vSphere VMs booted directly from SEP sesam datastore.
  • Improved performance and massively increased scalability: Windows Backup Server optionally based on PostgreSQL

Security

  • New authentication & authorisation concept
  • Certificate-based authentication
  • Backup role for MSPs and IT-centric customers
  • MSP options: Account-based permissions for VMs, new MSP report
  • Immutability of backups: HPE StoreOnce & Immutable Flag

Source: SEP

15

Mar

What is Conti Ransomware?

Conti is a ransomware-as-a-service (RaaS) affiliate program, first appearing in early 2020. Associated with Russian-speaking cybercrime actors, Conti ransomware developers sell or lease their ransomware technology to affiliates, who then use that technology to carry out their attacks.

The group behind Conti has published a website where they leak documents extracted by the attackers. Data belonging to hundreds of organizations across many different sectors has been shared on the Conti extortion site.

Conti’s extortion site

How does Conti ransomware work?

Conti automatically scans networks for valuable targets, encrypting every file it finds and infecting all Windows operating systems. Conti acts in a similar manner to most ransomware, but it has been engineered to be even more efficient and evasive. Once executed on the victim’s endpoint, Conti works by:

  • Immediately encrypting files and changing the file extension of the encrypted files. Each sample has a unique extension that the malware adds to the encrypted files.
  • Attempting to connect to other computers on the same network subnet using the SMB port (445).
  • Leaving a ransom note in every folder, with the filename readme.txt or conti_readme.txt.

Conti ransomware note

Initial deployment

The attack kill chain begins as soon as the actors first gain access to the network. This often occurs via an email phishing campaign that contains malicious attachments – such as a macro-enabled Microsoft Word document or password-protected zip file, which installs a first-stage malware (such as BazarLoader or Cobalt Strike) onto target systems. Conti today is sold behind a RaaS affiliation program and operated by different threat actors. Once Conti is executed, it initiates its encryption and spreading routines.

Evasion techniques

The Conti code is sophisticated, with many obfuscation techniques designed to evade common security tooling and security teams, including a multithreading technique used to encrypt all the files quickly. This allows for maximum damage before it can be identified and stopped by endpoint security products. Conti uses 32 concurrent CPU threads to hasten the encryption process, making it much faster than most ransomware.

The ransomware uses relatively common anti-analysis techniques: loading APIs at runtime and obfuscating specific API calls by referring to them through hash values. It also has a built-in API-unhooking mechanism to disable EDR-based API hooks.

Conti’s developers have hardcoded the RSA public key into the data section of the PE file, which the ransomware uses to perform its encryption. This means that it can begin encrypting files even if the malware is unable to reach its C&C servers.

Public RSA key in the Conti sample

Lateral movement

The Conti ransomware immediately moves laterally within the network. It does this by attempting to connect to other computers on the same network subnet using the SMB port. If it finds any shared folders it can access, it will try to encrypt the files on the remote machines as well.

SMB scanning by Conti during the infection
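The three host-level behaviours described above (bulk renames to one new extension, a note dropped in every folder, and SMB connections fanned out across the subnet) are what endpoint telemetry can be checked for, regardless of the sample-specific extension. The following is an added example, not code from the article or from Datto; the event shape, thresholds, extension allowlist and sample telemetry are constructed for illustration.

```python
"""Added example, not code from the Datto article: heuristics for the three
Conti behaviours the article lists (bulk renames to a single new extension,
ransom notes dropped in many folders, SMB connections fanned out across a
subnet), run over constructed endpoint telemetry. All event data, thresholds
and the extension allowlist are constructed for illustration."""
from collections import Counter, defaultdict
from dataclasses import dataclass
import posixpath


@dataclass(frozen=True)
class Event:
    ts: float           # seconds since telemetry start
    pid: int            # process that performed the action
    kind: str           # "rename", "create" or "connect"
    path: str = ""      # rename: new path; create: created path
    old_path: str = ""  # rename: previous path
    dst: str = ""       # connect: destination IP
    dport: int = 0      # connect: destination port


NOTE_NAMES = {"readme.txt", "conti_readme.txt"}                      # names from the article
COMMON_EXTS = {".txt", ".docx", ".xlsx", ".pdf", ".tmp", ".bak"}     # constructed allowlist


def _split(path):
    """Directory, lower-cased base name and lower-cased extension of a Windows or POSIX path."""
    d, base = posixpath.split(path.replace("\\", "/"))
    return d, base.lower(), posixpath.splitext(base)[1].lower()


def _new_ext(ev):
    """Extension a rename introduces, or None when it is an ordinary/unchanged one."""
    new, old = _split(ev.path)[2], _split(ev.old_path)[2]
    return new if new and new != old and new not in COMMON_EXTS else None


def _peak(evs, window, key, distinct=False):
    """Scan every `window`-second span starting at an event (evs sorted by ts);
    return (key, count) for the most frequent key value, or (None, number of
    distinct values) when distinct=True. Keys of None are ignored."""
    best_key, best_n = None, 0
    for i, start in enumerate(evs):
        counts = Counter()
        for e in evs[i:]:
            if e.ts - start.ts > window:
                break
            k = key(e)
            if k is not None:
                counts[k] += 1
        if not counts:
            continue
        k, n = (None, len(counts)) if distinct else counts.most_common(1)[0]
        if n > best_n:
            best_key, best_n = k, n
    return best_key, best_n


def analyze(events, window=60.0, rename_min=20, note_dirs_min=5, smb_hosts_min=10):
    """Return {pid: [finding, ...]} for processes showing Conti-like behaviour."""
    by_pid = defaultdict(list)
    for ev in sorted(events, key=lambda e: e.ts):
        by_pid[ev.pid].append(ev)
    findings = {}
    for pid, evs in by_pid.items():
        hits = []
        # 1. Many files renamed to one previously unseen extension in a short span.
        ext, n = _peak([e for e in evs if e.kind == "rename"], window, _new_ext)
        if n >= rename_min:
            hits.append(f"rename burst: {n} files renamed to '{ext}' within {window:g}s")
        # 2. A ransom note written into many distinct directories.
        note_dirs = {_split(e.path)[0] for e in evs
                     if e.kind == "create" and _split(e.path)[1] in NOTE_NAMES}
        if len(note_dirs) >= note_dirs_min:
            hits.append(f"ransom note dropped in {len(note_dirs)} directories")
        # 3. One process opening tcp/445 to many distinct hosts in a short span.
        _, hosts = _peak([e for e in evs if e.kind == "connect" and e.dport == 445],
                         window, lambda e: e.dst, distinct=True)
        if hosts >= smb_hosts_min:
            hits.append(f"SMB fan-out: {hosts} distinct hosts on tcp/445 within {window:g}s")
        if hits:
            findings[pid] = hits
    return findings


def _constructed_events():
    """Constructed telemetry: pid 4242 behaves like Conti, pid 1001 is an ordinary editor."""
    evs = []
    for i in range(30):                          # 30 documents renamed to one new extension
        p = f"C:\\Users\\alice\\Documents\\report{i}.docx"
        evs.append(Event(10 + i * 0.5, 4242, "rename", path=p + ".kjhg", old_path=p))
    for d in ("Documents", "Pictures", "Desktop", "Downloads", "Music", "Videos"):
        evs.append(Event(30.0, 4242, "create", path=f"C:\\Users\\alice\\{d}\\readme.txt"))
    for i in range(12):                          # probing twelve neighbours on tcp/445
        evs.append(Event(31 + i, 4242, "connect", dst=f"10.0.0.{20 + i}", dport=445))
    for i in range(5):                           # editor renaming temp files to .docx
        p = f"C:\\Users\\alice\\Documents\\draft{i}"
        evs.append(Event(12 + i, 1001, "rename", path=p + ".docx", old_path=p + ".tmp"))
    evs.append(Event(13.0, 1001, "connect", dst="10.0.0.5", dport=445))   # one file server
    return evs


SAMPLE_EVENTS = _constructed_events()

if __name__ == "__main__":
    for pid, hits in analyze(SAMPLE_EVENTS).items():
        print(pid, *hits, sep="\n  ")
```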

Four ways to protect against Conti ransomware

There are 4 primary ways of protecting against Conti Ransomware:

1. Detect Conti pre-delivery

In the vast majority of Conti ransomware attacks, the phishing email is the starting point. Therefore, the logical and best place to start is with an email protection solution that detects advanced threats, such as Datto SaaS Defense. As a result, the threat is stopped upstream, preventing further damage.

2. Protect each endpoint

Next, it’s important to protect individual endpoints from infection. A remote monitoring and management (RMM) tool is critical here to ensure that no individual machines have been compromised and any attempt to infect individual machines is picked up and dealt with as early as possible.

3. Prevent the lateral movement of the ransomware

As we’ve seen, Conti ransomware will attempt to move laterally within the organization using SMB. Again, at this stage, an RMM tool is your best chance of keeping your network secure and isolating the infected machine, without necessitating a complete shutdown of the entire network.

4. Back up your data

Properly backed-up data is key to ensuring business continuity in the case of an attack – and something that helps you sleep well at night. Specifically for MSPs, this is critical in ensuring your clients have a backup solution. When it comes to data backup, there are numerous backup solutions available including:

  • A full Business Continuity and Disaster Recovery (BCDR) suite: for example, Datto Unified Continuity which covers all business continuity and disaster recovery needs including protecting servers, files, PCs, and SaaS applications.
  • Datto SIRIS, a reliable, all-in-one business continuity and disaster recovery solution built for MSPs to prevent data loss and minimize client downtime.
  • Datto ALTO, a small but powerful business continuity and disaster recovery solution built for MSPs to minimize downtime and efficiently prevent data loss for their small business clients.
  • Datto Cloud Continuity for PCs which protects MSP clients’ Windows-based computers from downtime and data loss and rapidly recovers data in case of disaster.
  • SaaS Protection, which offers reliable and secure cloud-to-cloud backup for Microsoft 365 and Google Workspace to ensure critical cloud data is protected.

Conti ransomware isn’t going anywhere

Unfortunately, Conti ransomware is here to stay. We’ve seen recent news regarding activity from the Conti ransomware group as well as new variants that are sure to cause further damage in the future. With a robust defense and response plan for Conti ransomware, you can ensure users, clients, and your organization are protected against Conti and other ransomware attacks.

Discover how Datto can help protect your business against ransomware attacks.

Source: Datto

10

Mar

In sports, there is a saying that if the opponent cannot score, they cannot win. A similar sentiment works for cybersecurity: If the attacker cannot penetrate your organization, they cannot compromise it.

Taking that a step further, the most effective way to eliminate the possibility of a breach escalating into a business-threatening attack is to stop it before it starts — reduce your attack surface to the minimum you can so you can identify a potential incident before it gets a foothold and eliminate it.

Optimizing prevention

Today, users and data can be anywhere. Users can work from the office, airport, coffee shop, or work from home. Data can reside in the cloud, a business partner’s network, or on an employee’s mobile device. These factors and more change your attack surface. The volume of potential and successful breaches is increasing as attackers take advantage of automation, artificial intelligence (AI), and malware delivery platforms in their attacks.

Here are some interesting data points from Sophos’ survey of 5,400 IT and security professionals: 61% of IT managers report an increase in attacks on their organization in the past year. Also, the complexity of attacks is increasing. Adversaries increasingly use sophisticated tactics, techniques, and procedures (TTPs) in their attacks. Some 54% of IT managers say attacks are now too advanced for the IT team to deal with on their own.

This is why optimizing prevention is a vital part of Sophos’ endpoint protection strategy.

In this example ransomware attack, Sophos technologies stop the threat at multiple points in the attack chain.


They say an ounce of prevention is worth a pound of cure. In the cybersecurity world, preventing a single ransomware attack could result in saving millions of dollars simply by stopping the threat before it even has a chance to enter your organization.

First, you need to reduce the attack surface, removing opportunities for attackers to penetrate your organization. Some examples of how Sophos achieves this are:

  • Blocking potentially unwanted applications
  • Blocking malicious or suspect websites based on content or URL rating
  • Controlling which applications are allowed to run in the organization
  • Controlling which devices are allowed on the organization’s network or able to access cloud assets
  • Locking down server configurations in a single click

The next step is to prevent attacks from running, using layered protection technologies to stop both the threats and the tactics attackers use, including:

  • Artificial intelligence (AI)-based behavior prevention that blocks the unknown based on techniques, behaviors, and anomalies
  • Behavior-based anti-ransomware technology
  • Exploit prevention that stops the techniques attackers use, protecting against attacks that leverage previously unknown vulnerabilities

Last year’s Kaseya attack is a prime example of the importance of prevention — by the time the attack was detected, it was too late, and the files were encrypted. Not a single Sophos customer with our next-gen endpoint protection correctly deployed had their files encrypted in that attack.

The prevention capabilities in Sophos Intercept X endpoint protection block 99.98% of threats (AV-TEST average score Jan-November 2021). Defenders are then able to better focus on the suspicious signals that require human intervention.

Minimize time to detect and respond

Today’s sophisticated attackers often exploit legitimate IT tools and security holes to penetrate their victim’s network. Every second counts when an adversary is in your environment. Yet all too often, defenders are slowed down by an overwhelming volume of alerts, limited visibility, a lack of insight, and slow, manual processes.

By optimizing prevention, Sophos enables defenders to focus on fewer, more accurate detections and streamline the investigation and response process.

To illustrate the point, I’d like to share data from Sophos Managed Threat Response (MTR), our 24/7/365 managed detection and response (MDR) service. The mean time to detect (MTTD) the attack is less than one minute. Enriched investigation techniques result in a mean time to investigate (MTTI) of 25 minutes, and the mean time to resolution (MTTR) is 12 minutes. This results in a total time from detecting the threat to resolving it of 38 minutes.

Let’s put those 38 minutes into perspective. According to the research firm Statista, the average duration of business interruption and downtime after a ransomware attack is 22 days. And that’s alongside the ever-increasing recovery costs, which have more than doubled in the past year.

Stop more threats, faster

In a challenging cybersecurity environment, optimizing prevention and minimizing time to detect and respond leads to much faster remediation of threats. Ultimately, it enables you to achieve better security outcomes.

To learn more and discuss how we can help with your security challenges, visit our website and speak with a member of the team.

Source: Sophos

8

Mar

On May 7, 2021, the largest oil pipeline system in the US suffered a major cyber attack.

A hacker group identified as DarkSide intruded into the Colonial Pipeline system and stole 100 gigabytes of data within a couple of hours. Following the data theft, attackers infected the pipeline’s IT network with ransomware. The consequences were severe: fuel disruption and a spike in prices are just the tip of the iceberg. Colonial Pipeline had to pay a hefty price of 75 bitcoins (worth $4.4 million at that time) as ransom in hopes of quick recovery, although a month later the company was able to recover much of the ransom payment with the FBI’s help. This attack woke us all up to the sheer need to protect our digital assets.

One such critical digital asset is web-based applications and services. They have become an indispensable aspect of our everyday life. Verizon’s 2021 Data Breach Investigations Report shows that:

Nearly two-in-five (39%) data breaches arise from web app compromises.

That’s why web application security has become the need of the hour.

Web application security encompasses the security of websites, web applications, and web services such as APIs. So let’s discuss the importance of securing your web applications and the best practices you can follow in this blog.

Why Is Web Application Security More Important in 2022?

Web applications have become quite prevalent in recent years. From online banking to online shopping, we rely on web apps for a wide range of uses in our everyday life.

This wide popularity, in turn, attracts the attention of cybercriminals. Hackers always remain on their toes to find vulnerabilities in web apps and exploit them to their advantage. A recent report by PurpleSec revealed that:

Over 18 million websites suffer malware infections at a given time each week.

Unsecured applications can result in massive service outages and downtime, leading to sales and revenue losses. As per recent estimates by Cybersecurity Ventures, ransomware costs are expected to reach $265 billion by 2031. This goes to show how dearly web application vulnerabilities can cost businesses if they are not taken care of.

In addition to financial losses, the absence of web application security can also threaten the company’s reputation and its goodwill among customers. For example, you lose your sensitive data and lose your customers’ trust during data breaches.

Moreover, governments are now cracking down on companies that do not follow adequate security practices. Regulations and standards such as GDPR and PCI have been formulated to enforce web security and protect user privacy. Failing to comply with them can lead to heavy fines, penalties, and lawsuits.

How Can You Secure Your Web Applications?

The stats mentioned above only reinforce the need for healthy practices that secure your web applications from the prying eyes of hackers. The most common threat to your web application is cyber security attacks. These include SQL injection, DDoS attacks, broken authentication, and cross-site scripting.

While we cannot stop hackers from inventing new fraud schemes and exploiting applications, we can learn the best web application security practices to mitigate the risks involved.

So, with that agenda in mind, let’s dive in!

1. Keep malicious traffic at bay with Web Application Firewalls

A web application firewall (WAF) is designed to secure web applications from application-layer attacks. It offers robust protection against the most critical web application vulnerabilities, such as cross-site scripting, injection attacks, cross-site request forgery, and broken authentication, among others.

You can think of WAF as a shield between the web application and the client. It constantly monitors and inspects the HTTP traffic going in and out of web applications. If the traffic is found to be safe, WAF allows it to pass through. On the contrary, malicious traffic is blocked from web apps to prevent threats and attacks.

The web application firewall uses a set of rules, also known as policies, to differentiate between safe and malicious traffic. These policies are customizable and can be tailored to meet the unique needs of your web application.

Web application firewalls can be configured in multiple ways. The two most common types of WAFs are:

  1. Hardware-based WAFs
  2. Cloud-based WAFs

Both have their advantages and disadvantages. So choosing the appropriate option for yourself is a matter of understanding your unique business needs and making the decision accordingly.

2. Encrypt sensitive data in transit with TLS

Data security is crucial for web applications. For example, when someone shares confidential information on your application, like personal details or bank credentials, they expect that information to be safely delivered and stored on your web server. That’s where TLS steps in to help.

Transport layer security (TLS) encrypts the communication between client and server via the HTTPS protocol. This encryption protects the data in transit against interception. In addition, TLS also authenticates the parties exchanging the information to prevent unauthorized data disclosure and modification.

TLS protocol has become a standard security practice in recent years. It is also helpful from the SEO standpoint since Google uses a secure connection as a ranking signal.

To implement TLS on your website, you need to buy a TLS certificate from a certificate authority. Then, install it on your origin server. One can recognize TLS encryption by the padlock icon that appears right before the URL in the address bar. Besides, if the URL begins with “HTTPS”, it’s also a sign that your browser is connected via TLS.

3. Improve your security system with Pen Testing

Pen testing works on one principle: Hack your web app before hackers do.

It may sound outlandish at first, but it’s not. Here’s why.

If you can find vulnerabilities in your web application and take security measures to fix them, your chances of getting hacked in the future will drastically reduce.

That’s the idea behind penetration testing, popularly known as pen test or pen-testing. It’s a preventive measure to reduce, if not eliminate, cyber attacks.

In this cybersecurity exercise, cybersecurity experts, with permission, attempt to find and exploit vulnerabilities in your system.

They use different penetration tools like Nmap, Wireshark, Metasploit, etc., for this purpose. This simulated attack intends to test the effectiveness of your existing security policies and identify unknown vulnerabilities that hackers could exploit. It also discovers loopholes that have the potential to lead to data theft. Thus, the test reports help you identify vulnerabilities before hackers, helping you update your security solutions and patch vulnerabilities in time.

4. Inculcate security practices in the design and development phase

The majority of security incidents are caused by defects in the design and code of the software. That’s why integrating security practices into the application design and development phase is crucial.

When it comes to the design phase, some of the best security practices include performing threat analysis, implementing design principles like server-side validation to mitigate risks, and building a security test plan.

For secure coding, developers should be educated about the OWASP Top 10 vulnerabilities and the OWASP secure coding practices they can adopt to prevent those vulnerabilities. Developers should also make a habit of scanning their code to catch security vulnerabilities early in the development phase. They can integrate security tools into the DevOps pipeline to find any vulnerability that may have sneaked into their code. This will allow them to revise their code quickly and nip the problem in the bud.

OWASP has also worked actively to identify the best coding security practices that can be integrated into the software development lifecycle to mitigate the most common software vulnerabilities.

5. Adopt a cyber security framework

The last element on our best cyber security practices list is employing a cyber security framework. A cyber security framework is a set of standards, guidelines, and practices that an organization can follow to manage its cyber security risks. The framework aims to reduce the company’s exposure to cyberattacks and identify the areas most prone to these attacks.

There are different types of cyber security frameworks. Some popular ones that dominate the market include the NIST cybersecurity framework, CIS, and ISO/IEC 27001. When it comes to choosing a cyber security framework for your organization, adopt the one that can protect the most vital areas of your business. You can also look at existing security standards prevalent in your industry for inspiration.

Conclusion

The dynamics of the web are ever-changing. Overlooking web application security can lead your business to massive revenue losses and reputational damage. The web application security practices discussed in this blog post will guide you to take actionable steps and set up a web security strategy that offers 24/7 protection and improves your web application’s credibility.

Source: Array Networks

3

Mar

The current Russia-Ukraine crisis is unprecedented. One aspect of it is the very real concern around increased cyberattacks on a scale never seen before.

The concern is reasonable: there’s simply no way to know what’s going to happen next. And the concern stems not just from nation-state actors and their proxies: cybercriminals, hacktivists, and vandals also thrive in times of chaos and uncertainty like this.

With all these unknown and unknowable cyber risks and threats swirling around, it’s understandable that people are worried and even afraid and not sure what to do.

The important thing to remember is that we do know what we can do to better protect ourselves during this crisis. These are the same things that we can and should be doing every day and during every crisis. We just need to remember them and act on them.

Focusing and executing on five specific, concrete areas of action can help you better protect yourself and your organization from attacks during this time of increased uncertainty:

  1. Alert and educate your users about the increased risks
  2. Update systems, mobile, IoT and network devices and apps
  3. Run and update security software
  4. Secure remote access accounts and devices
  5. Make and verify backups

Alert and educate your users about the increased risks

User education is always a key part of any cybersecurity program. People form the last defense against attack. With all that’s going on, many people may not be thinking about the increased cybersecurity risk and their role in helping to protect themselves and their organization. Help people understand we’re in a time of increased risk and that they need to exercise even more caution than usual against phishing, malicious links and attachments.

Update systems, mobile, IoT and network devices and apps

Keeping systems up to date with patches against vulnerabilities is always important but right now even more so. While people have gotten used to updating their mobile devices and computers using automatic updates, it’s important to also remember to update IoT devices, routers and remote access software and devices. Make it a priority to ensure that you’re updating everything, not just mobile devices and computers.

Run and update security software

Having security software on all your endpoints is important to provide protection against attacks. Out-of-date or misconfigured security software, however, not only fails to protect but can give a false sense of security. Take time to ensure that you not only have security software in place but that it’s fully up-to-date and configured properly. Take the time to verify you’ve got automatic updates working on your security software, either by logging into it or through the management console.

Secure remote access accounts and devices

Lately, we’ve seen ransomware and more sophisticated attacks carried out successfully by using remote access to reach the target network. This problem has become more serious since the pandemic began and remote access became more common. Two specific things that you should do to better protect your organization against these kinds of attacks are to make sure that your remote access devices and software are up-to-date, and that only valid accounts have remote access capabilities. If you’re not using multi-factor authentication (MFA) to protect your remote access, you should look at implementing that as soon as possible as well.

Make and verify backups

Good, reliable, usable backups are your parachute and safety net rolled into one. Having good, reliable, usable backups can help you recover from ransomware and major cyberattacks. They can also help you recover from physical threats like natural or human made disasters. But backups only work if the backups are done correctly and can be restored. Take time to ensure that not only do you have a good backup strategy in place, including storing backups off-site, but that you can successfully restore from those backups quickly and effectively. A good rule of thumb is the “3-2-1 Rule”:

  • 3 copies of your backups, including the one you’re using now
  • 2 different storage locations for those backups
  • 1 of which is offsite/offline

Conclusion

The reality is that we never know what’s going to happen each day. But times like right now bring that uncertainty into clearer focus and help us see that truth more clearly. And the reality is that the cyber threat level for everyone is significantly higher: chaotic times breed more chaotic times and actions. All this uncertainty can be overwhelming, leaving you unsure what to do. And in the face of extraordinary threats, it can also seem like following ordinary guidance is insufficient. But the reality is that in times and situations like this, keeping focused on the basics still provides a solid foundation that can help you better protect yourself and your organization.

Source: Sophos

28

Feb

Sophos ZTNA provides a number of advantages over remote-access VPN – enabling remote workers to access the applications they need with much stronger security, all while making management a lot easier and providing a smoother end-user experience.

Better security

Sophos ZTNA provides better security for four reasons:

  1. Sophos ZTNA removes the need for vulnerable old VPN client software on end-user laptops, which has increasingly become the target of ransomware attackers
  2. Sophos ZTNA integrates device health into connection policies, enabling non-compliant or compromised devices to be denied connections to corporate applications and data
  3. Sophos ZTNA only connects users to specific applications – not the entire network, eliminating lateral movement
  4. Sophos ZTNA is unique in integrating with Sophos Intercept X to provide a single-agent solution that combines the world’s best next-gen endpoint with ZTNA – better protecting not just user devices, but also their identities, and the applications and networks they connect to

Simpler management

While remote-access VPN has become a full-time job for many, Sophos ZTNA makes day-to-day management easier:

  1. It’s easy to deploy. If your apps are all browser based, you can use the clientless option. If you need remote system access, our single agent integrated with Intercept X is also super easy to deploy. And the gateways are also easily set up: all from Sophos Central.
  2. It’s quick and painless to set up your identity provider in the cloud – particularly if you use Active Directory, as you can easily sync with Azure AD. It’s therefore easy to manage users as they come and go from the organization.
  3. It’s very simple to add new applications and make them accessible through policies to just the users that need access.
  4. There is tremendously rich and valuable reporting that provides great insights into bandwidth and resource utilization, allowing you to monitor usage and plan capacity for your networked applications.

Easier to use

Sophos ZTNA is much more reliable, seamless, and transparent than old-school VPN. It doesn’t slow users down, drop connections at the most inopportune time, or create headaches when attempting to connect – from anywhere.

Sophos ZTNA demo video

See Sophos ZTNA in action in this comprehensive demo video, which shows how a system can be set up using clientless access with a couple of different users, applications, and policies. Supporting remote workers shouldn’t be hard, and with Sophos ZTNA, it’s not.

Source: Sophos

24 Feb

In The New Normal in Cybersecurity Part 1, we examined three leading trends in the cybersecurity community over the past year. In this installment, we will take a look into the future and make predictions about where the cybersecurity landscape is potentially headed in 2022 and beyond.

#1: New Laws and Regulations

In the future, it’s likely that new laws and regulations will be enacted as the U.S. government increases its focus on cybersecurity activities, including increased data privacy legislation, increased executive liability, regulations around ransomware payments and rules of engagement for bad actors, and more focused controls over cyber liability insurance. Let’s take a look at each of these items more fully.

We have already seen the Executive Order from President Biden aimed at improving the security of Federal Government networks. With threat actors showing a focus on taking down critical infrastructure, the government will likely step up its efforts to address attacks and data privacy breach requirements. Specifically, for 2022 and beyond, there will most likely be increased emphasis on financial reporting aspects when it comes to privacy, including the cost of a breach to the organization.

Another likely forecast for the future is an increase in liability. Looking across all the information companies have and what the U.S. government possesses, it is critical to determine the steps organizations can take to help one another, and how that will impact liability. For example, when it comes to sharing information, how can security professionals and organizational leaders protect their own company if they share information? Can shareholders, or individuals exercising a private right of action, use this information against the company? Addressing liability related to data sharing will be a significant emphasis going forward, so the security community can pull pieces of information together and actually get ahead of the curve without facing significant barriers of liability. Listen to more on this from Chris Reffkin, Chief Information Security Officer, HelpSystems.

In the future, we will also likely see more executives scrutinized for not identifying what those data points and red flags mean to the organization in a compromised situation. The public will judge companies more harshly for not taking the right actions or not being aware of security concerns within their organization. As organizations grow, executives must take a very active role in cybersecurity, and in the event that something happens, they must have specific multi-layer strategies in place that demonstrate that the incident occurred despite their best efforts.

Finally, with cyber insurance rates skyrocketing, it is essential for organizations to demonstrate good cyber hygiene to retain their policies at an affordable rate. If companies have poor cyber practices, they will likely not get coverage for the future or will encounter cost-prohibitive policies they cannot afford. As we have seen, cyber insurance carriers have exited the market at an alarming rate, so we may see the shift of companies moving toward a self-insurance model, rather than relying on a third-party provider.

#2: Heightened Cyberthreat Landscape

Now and into the coming year, organizations must buckle down on cybersecurity basics to protect against bad actors. And prevention really is the key to this. Once an attack has taken place, organizations scramble to respond and are reactive to the situation. Companies must take a proactive approach to focus their efforts on security fundamentals. Looking to 2022 and beyond, we will likely see:

  • Increased Supply Chain Attacks
  • Increased OT/IoT Attacks
  • Increased Ransomware-as-a-Service
  • Increased Use of Unique and Custom Cybersecurity Toolsets

Let’s look at two of these points in more depth. In the future, ransomware-as-a-service will likely increase tremendously. Why? Because breaching a network and gaining a foothold is still a viable option for bad actors. With so many flaws in the typical organization’s security posture, breaches are common. Ransomware is really just automating a series of steps post-exploit. So until the security fundamentals are shored up, these quick smash-and-grabs remain possible, particularly for SMBs.

Finally, in 2022 and beyond, we will likely see an increase in more skilled bad actors customizing their toolkits for specific targets. Custom toolkits are more difficult to detect, but they also give the actor a distinctive signature. We will also likely witness more bad actors creating a business out of this. Because they have customized their toolkits and have gained a foothold, where the compromise may go undetected for days, weeks, months, or years, bad actors are creating a viable offering: providing illicit access as a means to insert additional malware, ransomware, trojans, and backdoors, and to extort more ransom from the organization.

#3: Changes in Market and Organizational Behavior

With all the changes and forces at work, organizations are becoming overwhelmed. They have too many security solutions to monitor and cannot keep up with the demand for alerting and mitigation. In the future, by necessity, companies will look to consolidate their cybersecurity vendors and seek to get security tools and services from a single source or fewer sources. A recent IBM study found that, on average, companies use 45 cybersecurity tools in their networks. With the cybersecurity tech stack spiraling out of control, organizations will look to simplify their approach and work with security providers that can consolidate the greatest number of services under one umbrella.

Finally, and perhaps most overdue, cybersecurity will finally gain a seat at the board table. Organizations cannot unsee what has occurred over the last few years. Now there is greater recognition—and funding—for cybersecurity strategies and solutions. This means we will likely experience a marked shift around organizational playbooks. Specifically, from a risk management activity perspective, companies will move from a focus on asset protection to a focus on loss prevention. They will invest in loss prevention capability, bringing in data security and protection officers and bulking up their security teams. Executives and board members will also likely become more involved in cybersecurity as the need will only intensify in the coming years.

Adapting to a More Uncertain Future

Agile risk management will continue to play an even greater role as organizations adapt to changing conditions and global events. And while there is no guarantee the predictions for 2022 and beyond will come true, there is one thing that is for certain—cybersecurity is more essential than ever. At HelpSystems, we are bringing together cybersecurity solutions, including infrastructure protection, data security, and identity and access management, with intelligence and automation solutions, including threat intelligence, IT and security automation, and centralized analytics, to help companies protect business-critical data and build a more secure, autonomous organization.

Source: HelpSystems