2 Sep

Elevate and extend your threat detection and response with deep network insights – available as a self-managed tool with Sophos XDR and with the 24/7 Sophos MDR service.

However skilled an adversary is at covering their tracks, they always need to cross the network. Sophos NDR sits deep within your network, monitoring network traffic using five real-time threat detection engines to identify signs of malicious or suspicious activity.

With Sophos NDR, you can see and stop attackers faster. Leveraging a combination of AI-powered machine learning, advanced analytics, and rule-based matching techniques, it identifies threats that often go undetected until it’s too late, including: 

  • Threats on unprotected devices like point-of-sale systems, IoT and OT devices, and legacy operating systems 
  • Rogue assets that adversaries exploit to launch attacks 
  • Insider threats such as sensitive data uploads to an offsite location 
  • Zero-day attacks, and more 

Plus, when combined with other security telemetry, Sophos NDR enables threat analysts to paint a more complete, accurate picture of the entire attack path and progression, enabling a faster, more comprehensive response. 

What’s new in v1.7

We continue to enhance Sophos NDR to further accelerate network threat detection and response. The rich graphical interface and forensic investigation tools in the new Investigation Console enable analysts to dive deeper into your network activity and pinpoint issues sooner. Use cases include:  

  • Gain comprehensive visibility into all network activity over the past 30 days  
  • Analyze application activity, flow risks, and communication on non-standard ports 
  • Monitor network activity over time to identify suspicious patterns and behaviors 
  • And much more 

For maximum flexibility, Sophos NDR deploys as a virtual appliance on VMware or Microsoft Hyper-V, in the cloud on AWS, or on a range of certified hardware appliances. The latest version includes a refreshed certified hardware portfolio, including a new entry-level model. 

To learn more about the latest enhancements, visit the Sophos NDR community forum.

Explore Sophos NDR today

Existing Sophos NDR customers benefit from all the latest enhancements automatically and at no additional charge. To get started, visit the community forum and download the Investigation Console image from Sophos Central. 

Sophos NDR is available with the self-managed Sophos XDR tool and our 24/7 fully-managed Sophos MDR service. All Sophos customers can now activate a 30-day free trial directly within their Sophos Central console. To learn more and explore your security operations needs, speak with your Sophos partner or account team. 

Source: Sophos

29 Aug

The best ways to keep your sensitive data safe include using strong passwords for each of your online accounts, backing up your data regularly and investing in a password manager. Your data is important and should be protected to reduce the risk of identity theft and other cyber threats.

Continue reading to learn what is considered sensitive data, how to protect your sensitive data and how Keeper® can help.

What is considered sensitive data?

Sensitive data includes different types of Personally Identifiable Information (PII) that can reveal your identity.

Your personal, financial, health and business information is considered sensitive data because it is not available in public records and is kept confidential. However, when your sensitive data is compromised, it can lead to identity theft, unauthorized loans being applied for in your name and major credit card fraud.

6 tips to protect your sensitive data

Luckily, there are several steps you can take to protect your sensitive data and maintain your privacy online.

1. Create strong passwords for all online accounts

The first step to protecting your sensitive data is creating a strong and unique password for each of your accounts. A strong password should contain at least 16 characters and a combination of uppercase and lowercase letters, numbers and symbols. You should also never use personal information in your passwords because a cybercriminal can research this information and use it in their attempts at cracking your passwords. The best passwords are completely random and do not incorporate dictionary words like “password” or “dog” because the more common the words are, the easier your passwords are to guess.

2. Set up Multi-Factor Authentication (MFA)

Multi-Factor Authentication (MFA) is crucial in protecting sensitive data because it prevents unauthorized users from accessing your accounts when enabled. MFA adds an extra layer of security by requiring additional proof of your identity before logging in to your account. Some examples of MFA are a PIN, a code from an authenticator app and a fingerprint scan. One of the benefits of enabling MFA on all your accounts is that even if a cybercriminal gains access to your username and password, they still need the additional factor to log in.

3. Use a VPN on public WiFi

Something as simple as connecting to public WiFi can put your sensitive data at risk of being compromised, which is why you should use a Virtual Private Network (VPN). When you use public WiFi, you never know whether a cybercriminal has manipulated the network to collect data from anyone who connects to it in what is called a Man-in-the-Middle (MITM) attack. A VPN counters threats like MITM attacks by creating an encrypted tunnel for your traffic, protecting your online privacy even when you are connected to a public network. For example, if you connect to airport WiFi while traveling, you should use a VPN to ensure that no one in the airport can steal your private information.

4. Enable data encryption

Data encryption is the process that converts your sensitive data from plain text, which anyone can read, into ciphertext, which looks like random characters and cannot be read by people or machines until it has been decrypted with the corresponding key. This process may sound confusing, but encrypting your data ensures that it isn’t read by another user.

You can enable data encryption on your smartphones, computers and online accounts by visiting your device’s settings. For Windows users, within your Settings, visit Privacy & security, then click on Device encryption. If this setting does not appear for you, use BitLocker encryption, which is a Windows security feature that encrypts an entire drive to protect data. Search for BitLocker in your Windows search box, then select BitLocker Drive Encryption and click Turn on BitLocker. For Apple users, your sensitive data is automatically encrypted when you set up a passcode and Touch/Face ID on your device. In the Face ID & Passcode section within your settings, you should see Data protection is enabled at the very bottom of your screen to indicate this.
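The same check and enablement, done from an elevated PowerShell prompt with the BitLocker module that ships with Windows, as an added example that is not part of the Keeper article; the system drive letter and the key-escrow folder are assumptions, and the script refuses to proceed when no ready TPM is present:

```powershell
# Added example (not from the Keeper article): verify whether the Windows system drive is
# already BitLocker-protected and, if not, enable XTS-AES-256 with a TPM protector plus a
# recovery password. Requires an elevated session on a Windows edition that includes BitLocker.
# Assumptions: the system drive is C:, and recovery keys are escrowed to a folder on a
# removable or network location (constructed placeholder below), never on the encrypted drive.

$MountPoint = "C:"
$KeyFolder  = "D:\BitLockerKeys"   # constructed placeholder; use an off-device escrow location

$vol = Get-BitLockerVolume -MountPoint $MountPoint

# Nothing to do if protection is already on and the volume is fully encrypted.
if ($vol.ProtectionStatus -eq 'On' -and $vol.VolumeStatus -eq 'FullyEncrypted') {
    Write-Host "$MountPoint is already encrypted with $($vol.EncryptionMethod); nothing to do."
    return
}

# The transparent (no extra PIN) protector used below needs a present and ready TPM.
$tpm = Get-Tpm
if (-not ($tpm.TpmPresent -and $tpm.TpmReady)) {
    throw "No ready TPM found on this device; use a password or startup-key protector instead."
}

# Add the recovery password first and save it off-device, so an administrator can still
# unlock the drive if the TPM is cleared or the motherboard is replaced.
Add-BitLockerKeyProtector -MountPoint $MountPoint -RecoveryPasswordProtector | Out-Null
$recovery = (Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
    Where-Object KeyProtectorType -eq 'RecoveryPassword' |
    Select-Object -First 1
New-Item -ItemType Directory -Path $KeyFolder -Force | Out-Null
$recovery.RecoveryPassword |
    Set-Content -Path (Join-Path $KeyFolder "$($recovery.KeyProtectorId).txt")

# Start encryption; the TPM unlocks the drive at boot. -UsedSpaceOnly speeds up the first
# pass on a fresh install; drop it on a drive that has held sensitive data before.
Enable-BitLocker -MountPoint $MountPoint -EncryptionMethod XtsAes256 -TpmProtector `
    -UsedSpaceOnly -SkipHardwareTest

# Report the resulting state; EncryptionPercentage climbs to 100 in the background.
Get-BitLockerVolume -MountPoint $MountPoint |
    Select-Object MountPoint, VolumeStatus, ProtectionStatus, EncryptionMethod, EncryptionPercentage
```

Re-run the script later to confirm VolumeStatus reads FullyEncrypted and ProtectionStatus reads On.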

5. Back up your data regularly

Not only is it important to back up your data regularly in case your device is ever lost or stolen, but you should also continuously back up your data in case your device suffers a malware attack. Imagine you never backed up your phone when, all of a sudden, it was infected with a virus. If you had backed up your data before the virus infected your phone, you could erase all the data on your phone and restore it using the backup made before the infection.

6. Invest in a password manager

Protecting your sensitive data is convenient and secure when you use a password manager like Keeper. Password managers can create strong and unique passwords, safely store your login credentials in an encrypted vault and make it easy to log in to accounts automatically. There are many benefits to using a password manager, such as its ability to generate random passwords, secure password-sharing features and storage of additional information beyond passwords (documents, PDFs, pictures, medical information, etc.). All you need to remember is your master password, which is the password you use to log in to your secure digital vault.

Trust Keeper to protect your sensitive information

The password manager you can trust to protect your sensitive data is Keeper. Keeper uses end-to-end AES-256 encryption to ensure that your sensitive data cannot be accessed by anyone except you. With our zero-knowledge security, Keeper cannot even see your encrypted data. Using Keeper Password Manager allows you to generate and store MFA codes, and it can even autofill these codes on their associated websites for an easier login process.

Start your free 30-day trial of Keeper Password Manager today to discover all that Keeper can do to protect your sensitive data.

Source: Keeper Security

26 Aug

As we approach the October 2024 deadline for EU Member States to enact the NIS 2 Directive, organizations that do business in Europe must prepare for the significant changes it brings to cybersecurity compliance.

This article aims to shed light on the NIS 2 Directive, its necessity, key updates from the original NIS Directive, and how businesses can prepare for compliance. For an even deeper dive on the directive, download the Sophos NIS 2 Directive whitepaper.

What is the NIS 2 Directive?

The NIS 2 Directive is an evolution of the original Network and Information Systems (NIS) Directive, implemented to bolster the cybersecurity posture of EU member states. The initial NIS Directive, enacted in 2016, established guidelines for improving cybersecurity resilience across the EU. However, with the increasing sophistication and frequency of cyber-attacks, especially during and after the Covid-19 pandemic, there was a clear need for more stringent and comprehensive regulations.

Cyber threats have escalated to an industrial scale, with ransomware attacks becoming particularly prevalent. In June 2024, a hacking group known as Qilin, with ties to the Kremlin, carried out an attack on Synnovis, which is a pathology lab used by the UK’s National Health Service (NHS). The hackers demanded a £40 million ransom, and when the NHS refused to pay, hackers released the stolen data on the dark web.

Additionally, geopolitical tensions, such as the Russian invasion of Ukraine, have underscored the necessity for robust cybersecurity measures. The NIS 2 Directive aims to address these challenges by enhancing the security and resilience of essential and important entities across the EU.

Implications for non-EU Companies

While primarily aimed at EU Member States, non-EU companies operating within the EU or providing services to EU entities will also be impacted. Many national regulations are currently not as wide-ranging as the NIS 2 Directive; however, it would be prudent to expect further changes to local law as the plans for the EU legislation are developed further.

By proactively addressing the challenges outlined below, non-EU companies can better protect themselves and their customers from evolving cyber threats while avoiding severe penalties for non-compliance.

Key updates from NIS to NIS 2

The NIS 2 Directive introduces several critical updates and expansions from the original NIS Directive:

  1. Broader Scope of Covered Entities:
    • Essential and Important Entities: NIS 2 categorizes entities into “essential” and “important” based on their sector and criticality. This expansion includes more sectors, such as wastewater, healthcare supply chains, postal and courier services, aerospace, public administration, and digital infrastructure.
    • Supply Chain and Service Providers: Organizations involved in the supply chain and those providing critical support services are now explicitly covered, emphasizing the importance of securing interconnected networks.
  2. Enhanced Cybersecurity Standards:
    • Mandatory Measures: Article 21 of the directive outlines mandatory cybersecurity measures, including basic cyber hygiene, vulnerability management, supply chain security, encryption, asset management, access control, and zero trust security.
    • Incident Handling and Reporting: The directive mandates more rigorous incident reporting requirements, ensuring timely and consistent responses to cyber threats across the EU.
  3. Increased Accountability and Penalties:
    • Senior Management Liability: Senior management can be held personally liable for non-compliance, underscoring the importance of executive involvement in cybersecurity governance.
    • Fines and Sanctions: Organizations can face significant fines, up to €10 million or 2% of global turnover, for failing to comply with the directive.

The following 18 sectors are covered by the NIS 2 Directive:

The following table illustrates the increase in sectors covered by the NIS 2 Directive as compared to the first NIS directive:

Impact on cybersecurity compliance

The NIS 2 Directive significantly impacts how organizations approach cybersecurity compliance. Businesses must adopt a proactive stance, integrating comprehensive risk management processes and ensuring adherence to the stringent standards set forth in the directive. The emphasis on mandatory measures and the potential for severe penalties necessitate a thorough review and enhancement of existing cybersecurity practices.

Organizations will need to allocate sufficient resources to meet these requirements. Estimates suggest that businesses already covered by the original NIS Directive may need to increase their cybersecurity budgets by up to 12%, while those newly covered could see budget increases of up to 22%, according to John Noble, former Director of the National Cyber Security Centre speaking on Sophos Spotlight: NIS2 Directive and Understanding Cybersecurity Compliance.

Preparing for NIS 2 compliance

To ensure compliance with the NIS 2 Directive, organizations should take the following steps:

  1. Assess Applicability:
    • Determine whether your organization falls under the categories of essential or important entities. This involves evaluating your sector, the criticality of your services, and your operational footprint within the EU.
  2. Understand Jurisdiction:
    • Identify which EU member states have jurisdiction over your operations for NIS 2 purposes. This is crucial for understanding specific national requirements and reporting obligations.
  3. Implement Cybersecurity Risk Management:
    • Conduct a comprehensive risk analysis to identify potential cybersecurity threats and vulnerabilities.
    • Implement the mandatory measures outlined in Article 21, mapping them against an appropriate security framework such as ISO 27001 or the NIST Cybersecurity Framework.
  4. Strengthen Supply Chain Security:
    • Focus on mitigating risks within your supply chain, particularly concerning software and service providers. This includes ensuring that third-party vendors comply with NIS 2 standards.
  5. Develop an Incident Response Plan:
    • Formalize an incident response plan that includes clear protocols for reporting cyber incidents to relevant national authorities. Ensure that significant incidents are reported within the 24-hour timeframe specified by the directive.
  6. Engage Senior Management:
    • Secure formal high-level management sign-off on your compliance strategy. Senior management involvement is critical for demonstrating a commitment to cybersecurity and ensuring that necessary resources are allocated.

The NIS 2 Directive represents a significant step forward in enhancing the cybersecurity resilience of organizations across Europe. By understanding the key updates and taking proactive measures to ensure compliance, businesses can better protect themselves against the growing threat of cyber-attacks.

As the October deadline approaches, it is imperative for senior management and IT security professionals to prioritize NIS 2 compliance, leveraging resources such as the Sophos whitepaper to guide their efforts.

Source: Sophos

22 Aug

The U.S. government recently announced that it is banning the sale of Kaspersky antivirus products due to national security concerns. If you’re in the U.S. and currently use Kaspersky products today, you have a tight deadline to switch to an alternative provider. After September 29, 2024, U.S. organizations will no longer receive updates or support from Kaspersky. Outside the U.S., many Kaspersky users are also re-evaluating their endpoint security provision.

Thankfully, wherever you are based, you can migrate to Sophos Endpoint in minutes.

Stronger endpoint security for small and midsize businesses

Sophos Endpoint is trusted by over 300,000 organizations worldwide, including thousands of small and midsize businesses. With Sophos Endpoint, you benefit from:

  • Affordable threat protection | Enterprise-grade cybersecurity that’s cost-effective for businesses of any size.
  • Quick and easy setup | Install and go with simple, one-time installation – including automatic removal of Kaspersky antivirus when you run the Sophos Endpoint installer.
  • Simple management and reporting | A single cloud-based dashboard for security alerts, reporting, and management. Recommended security settings are enabled automatically when you install Sophos Endpoint; no complex configuration is required.

The ban on Kaspersky products in the U.S. provides an opportunity to uplevel your defenses. IT security teams around the globe are seeking replacement solutions that provide the best protection and usability, and less management burden. Moving to Sophos Endpoint enables you to leverage superior protection with additional capabilities and benefits that other solutions lack, including:

  • Adaptive defenses | Industry-first dynamic defenses that automatically adapt in response to hands-on-keyboard attacks, reducing the attack surface and stopping sophisticated adversaries in their tracks. Watch this quick demo.
  • Remote ransomware protection | Sophos provides the most robust zero-touch endpoint defense against remote ransomware. Alternative endpoint security solutions, including Microsoft, CrowdStrike, and SentinelOne, cannot protect against this increasingly pervasive threat.
  • Automated account health check | Misconfigured policy settings can compromise your security posture. The Account Health Check identifies security posture drift and risky configurations, enabling administrators to remediate issues with one click.

Learn more about the advantages of Sophos compared to other cybersecurity solutions and watch the overview video to learn more.

Top-rated by customers, industry analysts, and independent testers

Don’t take our word for it! Customers have named Sophos a 2024 Gartner® Peer Insights™ Customers’ Choice for Endpoint Protection Platforms for the third consecutive year. Sophos stands tall with an impressive customer rating of 4.8/5 (as of April 30, 2024) and the highest number of independent Gartner-verified reviews of any vendor.

Analyst firm IDC evaluates how endpoint security solutions meet customers’ needs and named Sophos a Leader in the 2024 IDC MarketScape for Modern Endpoint Security for Small and Midsized Businesses. According to the IDC MarketScape evaluation, “Sophos is a strong consideration for small businesses, particularly those with large business security requirements that have little to no in-house security expertise.”

See our wide range of third-party endorsements and evaluations.

Time to upgrade to a fully managed security service?

Cybersecurity is becoming so complex that many small and midsize businesses can’t keep up. Replacing Kaspersky antivirus products could be the ideal opportunity to consider taking advantage of a 24/7 managed security service.

Trusted by over 23,000 organizations worldwide, Sophos Managed Detection and Response (MDR) enables you to reduce the risks and costs associated with potentially catastrophic security incidents. Moreover, all Sophos MDR subscriptions include the Sophos Endpoint product within the standard price.

Learn more about Sophos Endpoint on the Sophos website.

Source: Sophos

20 Aug

Sophos Firewall v20 MR2 includes important enhancements such as an exciting new backup and restore assistant, Active Directory SSO improvements, and web protection optimizations.

Backup and restore assistant

The new Sophos Firewall backup and restore assistant enables firewall configuration backups to be easily restored on a different firewall appliance with flexible interface mapping options.

This makes it easy to upgrade Sophos Firewall XG Series to XGS Series, upgrade any XGS Series model to any other XGS Series model, or even migrate to or from software or virtual appliances.

This also means you can easily migrate interfaces to higher-speed ports on your new or upgraded firewall.

You can also get creative and export a configuration template from a virtual appliance and then restore it on multiple hardware or virtual deployments to simplify repetitive configurations.

Easily map interfaces from the old to the new appliance

There are a few key dependencies or prerequisites to take full advantage of this new assistant:

  • Backups of XG Series appliances should be made using v19.5 MR4, v20, or later.
  • Backups of XGS Series appliances need to be made using this release, v20 MR2, or later.

This video covers the prerequisites and how to use this new assistant in more detail:

You can also check the compatibility of the appliances you plan to back up/restore and see the exact port configuration (including available Flexi Port modules) using a new tool that is available at https://docs.sophos.com/nsg/sophos-firewall/reference/backup_restore/port_mapping/en-us/

Check the compatibility of the models you plan to back up and restore

Additional enhancements in Sophos Firewall v20 MR2

  • Active Directory Single Sign-on now provides improved support for high-availability failover situations
  • Active Directory Single Sign-on adds support for performing the Kerberos/NTLM handshake over HTTP or HTTPS for a more transparent SSO experience when HSTS is enforced
  • Web Protection performance is enhanced by reducing the system load when enforcing SafeSearch, YouTube restrictions, Google App login domain, or Azure AD tenant restrictions
  • Web Protection cipher customization now enables you to strike the best balance for your network between cipher compatibility, security, and audit compliance

How to get the firmware and documentation

Sophos Firewall OS v20 MR2 is a free upgrade for all licensed Sophos Firewall customers and should be applied to all supported firewall devices as soon as possible to ensure that you have all the latest security, reliability, and performance fixes.

This firmware release will follow our standard update process. You can manually download SFOS v20 MR2 from Sophos Central and update anytime. Otherwise, it will be rolled out to all connected devices over the coming weeks. A notification will appear on your local device or Sophos Central management console when the update is available, allowing you to schedule the update at your convenience.

Sophos Firewall OS v20 MR2 is a fully supported upgrade from all previous versions of v20, v19.5 and v19.0. Please refer to the Upgrade Information tab in the release notes for more details.

Full product documentation is available online and within the product.

Source: Sophos

15 Aug

The latest annual Sophos study of the real-world ransomware experiences of energy, oil/gas and utilities sector – a core element of the critical infrastructure supporting businesses – explores the full victim journey, from attack rate and root cause to operational impact and business outcomes.

This year’s report sheds light on new areas of study for the sector, including an exploration of ransom demands vs. ransom payments and how often energy, oil/gas and utilities organizations receive support from law enforcement bodies to remediate the attack.

Download the report to get the full findings.

Attack rates and recovery rates have remained steady

67% of energy, oil/gas and utilities organizations were hit by ransomware in 2024, identical to the attack rate reported in 2023.

98% of energy, oil/gas and utilities organizations hit by ransomware in the past year said that the cybercriminals attempted to compromise their backups during the attack. Four in five (79%) of these backup compromise attempts were successful, the highest rate of successful backup compromise across all sectors.

80% of ransomware attacks on energy, oil/gas and utilities organizations resulted in data encryption in 2024, in line with the encryption rate reported by this sector in 2023 (79%) but higher than the 2024 cross-sector average of 70%.

The mean cost in energy, oil/gas and utilities organizations to recover from a ransomware attack was $3.12M in 2024, similar to the $3.17M reported in 2023.

Devices impacted in a ransomware attack

On average, 62% of computers in energy, oil/gas and utilities are impacted by a ransomware attack, considerably above the cross-sector average of 49%. Unlike other sectors where only a small percentage of organizations have their full environments encrypted, approximately one in five energy, oil/gas and utilities organizations (17%) reported that 91% or more of their devices were impacted.

The propensity to use backups for data recovery has decreased

61% of energy, oil/gas and utilities organizations paid the ransom to get encrypted data back, whereas only 51% restored encrypted data using backups – the lowest rate of backup use reported across all sectors. This is the first time that energy, oil/gas and utilities organizations have reported a higher propensity to pay the ransom than use backups. In comparison, globally, 56% paid the ransom, and 68% used backups.

This year’s findings represent a marked change from the previous two years when the sector enjoyed impressive rates of backup use (70% in 2023 and 77% in 2022).

A notable change over the last year is the increase in the propensity for victims to use multiple approaches to recover encrypted data (e.g., paying the ransom and using backups). This time, 35% of energy, oil/gas and utilities organizations that had data encrypted reported using more than one method, higher than the 26% reported in 2023.

Critical Infrastructure victims don’t often pay the initial ransom sum demanded

86 energy, oil/gas and utilities respondents whose organizations paid the ransom shared the actual sum paid, revealing that the average (median) payment was $2.5M in 2024.

A little less than half (48%) of respondents said their payment matched the original request. 26% paid less than the original demand, and 27% paid more.

Looking at the data by industry, energy, oil/gas and utilities has the highest propensity to pay the original ransom amount demanded by attackers. It is also the sector with the second lowest propensity to pay less than the original demand.

Download the full report for more insights into ransom payments and many other areas.

Source: Sophos

12 Aug

As a Sophos Firewall customer, your security is our top priority. We’ve not only invested heavily in ensuring Sophos Firewall is the most secure firewall on the market, but we continuously work to make it the most difficult target for hackers, all while helping keep your network and organization safe from future attacks through proactive monitoring.

Here are a few examples of how we have invested in making Sophos Firewall secure by design.

Best practices built in

Our goal is to ensure your firewall’s security posture is optimally configured right from the start by building in security best practices for easy out-of-the-box deployment. You get powerful protection for your network as soon as it’s connected and turned on.

It starts with strict and granular access controls and default firewall rules that provide security and control for your network traffic. Sophos Firewall also makes it quick and easy to set up additional features. ZTNA, for instance, protects your applications while allowing secure access for remote workers without opening any ports on the perimeter.

Hardened against attack

Taking measures to prevent attacks from targeting your firewall is critically important. Sophos Firewall has been designed from the start with security in mind and is continually being hardened against attacks with new technologies.

Sophos Central management offers the ultimate in secure remote management. Recent enhancements include improved multi-factor authentication, containerization for the VPN portal and other trust boundaries, strict default access controls, rapid hotfix support, and more, making Sophos Firewall a formidable opponent for attackers.

Automated hotfix response

Sometimes it’s important to patch urgent security issues quickly before the next regular firmware update. To that end, Sophos Firewall integrates an innovative hotfix capability that enables us to push urgent and important patches out to your firewall “over the air” to address any new zero-day vulnerabilities or other critical issues that arise between regular firmware updates.

While it’s still vitally important that you keep your firewall up to date with the latest firmware release (as every release includes important security fixes, as well as performance, stability, and feature enhancements), this enables a rapid fix to be applied without requiring any downtime normally associated with a firmware upgrade.

Proactive monitoring

You depend on Sophos to be proactive, transparent, and responsive. That’s why we continually monitor our global install base of customer firewalls and rapidly react to any incident.

This enables us to identify incidents before our customers thanks to telemetry collection and analysis. You can rest assured that if a single customer anywhere in the world has their firewall attacked, we’re working tirelessly to help shut the attack down and prevent it from happening elsewhere.

In addition, our mature vulnerability disclosure program ensures we’re transparent and communicative with every security vulnerability or incident, so you’re as well-equipped as possible to protect your network. We also offer the most active and well-funded bug bounty program in the industry to get ahead of any potential issues before they can become a problem.

Additional best practices

In addition to the best practices we build into your firewall, be sure to follow the Hardening Your Sophos Firewall Guide for additional best practices you should follow when setting up and administering your Sophos Firewall.

Download the Sophos Firewall Security Brief if you would like a PDF version covering these capabilities.

And if you’re new to Sophos Firewall, be sure to check out Sophos Firewall’s powerful protection features and take it for a test drive today.

Source: Sophos

8 Aug

600 IT/cybersecurity leaders share their ransomware experiences, revealing the realities facing education providers today.

Sophos’ latest annual study of the real-world ransomware experiences of educational organizations explores how ransomware’s impact has evolved in the last four years. It focuses on the full victim journey, from attack rate and root cause to operational impact and business outcomes.

This year’s report explores new areas of study for the sector, including an exploration of ransom demands vs. ransom payments and how often educational organizations receive support from law enforcement bodies to remediate the attack.

Download the report to get the full findings.

Attack rates have declined, but recovery costs have more than doubled

63% of lower education and 66% of higher education organizations were hit by ransomware in the last year, a considerable decrease from the 80% and 79% reported in 2023, respectively. However, the attack rates in education remain higher than the global cross-sector average of 59%.

95% of educational organizations hit by ransomware in the past year said that the cybercriminals attempted to compromise their backups during the attack. Of them, 71% were successful, which is the second highest rate of successful backup compromise across all sectors after the energy, oil/gas and utilities sector.

85% of ransomware attacks on lower education and 77% on higher education organizations resulted in data encryption in the last year, slightly higher than 81% and 73%, respectively, reported in the previous year. For lower education, this is the second consecutive year of an increase in encryption rate, with only state/local government (98%) more likely to have data encrypted in an attack.

The mean cost in 2024 for lower education organizations to recover from a ransomware attack was $3.76M, more than double the $1.59M reported in 2023. Higher education organizations reported a mean cost of $4.02M, almost four times higher than the $1.06M reported in 2023.

Devices impacted in a ransomware attack

On average, 52% of computers in lower education and 50% in higher education are impacted by a ransomware attack, slightly above the cross-sector average of 49%. Having a full environment encrypted is extremely rare. Only 2% of lower education organizations and 1% of higher education organizations reported that 91% or more of their devices were impacted.

The propensity to pay the ransom has increased

62% in lower education paid the ransom to get encrypted data back, while 75% restored encrypted data using backups. At the same time, 67% of higher education organizations paid the ransom to restore data, whereas 78% used backups.

Higher education reported the second-highest propensity to use backups for data restoration along with state/local government organizations. It also ranks second highest in the propensity to pay the ransom to restore encrypted data, whereas lower education organizations rank third.

The three-year view of the education sector reveals an increase in backup use. In 2023, higher education was among the bottom three sectors globally for backup use, jumping to second place in 2024, alongside state/local government. Unfortunately, the propensity to pay the ransom has progressively increased for both lower and higher education organizations in the last three years.

A notable change over the last year is the increase in the propensity for victims to use multiple approaches to recover encrypted data (e.g., paying the ransom and using backups). This time, 65% of lower education and 69% of higher education organizations that had data encrypted reported using more than one method, almost three times the rates reported in 2023 (23% in lower education and 22% in higher education organizations).

Victims rarely pay the initial ransom sum demanded

99 lower education and 92 higher education respondents whose organizations paid the ransom shared the actual sum paid, revealing that the average (median) payment in lower education was $6.6M last year. For higher education, the average (median) payment was $4.4M.

Only 13% of education victims said their payment matched the original request. 32% of lower education and 20% of higher education respondents paid less than the original demand, while 55% of lower education and 67% of higher education organizations paid more. Globally, higher education is the sector most likely to pay more than the original demand.

Download the full report for more insights into ransom payments and many other areas.

Source: Sophos

6

Aug

Customers have spoken, recognizing Sophos as a Customers’ Choice vendor in the 2024 Gartner® Peer Insights™ Voice of the Customer Reports for Network Firewalls and Endpoint Protection Platforms.

These distinctions are based on a combination of customer review coverage and ratings, and this is the third consecutive year in which customers have recognized Sophos as a Customers’ Choice vendor in both markets.

In the 2024 Voice of the Customer Report for Network Firewalls, Sophos scored a 4.8/5.0 rating based on 377 verified customer reviews as of 31st March 2024 – the highest number of reviews of any vendor. Sophos is also recognized with a Customers’ Choice distinction in five industry segments, and is the only vendor positioned in the Customers’ Choice Quadrant in the Services Industry segment.

In the 2024 Voice of the Customer Report for Endpoint Protection Platforms, Sophos also scored a 4.8/5.0 rating based on 682 reviews as of 30th April 2024 – once again, the highest number of reviews among all vendors in the report. Sophos was also named a Customers’ Choice vendor in all 11 industry segments mentioned in the report.

Customer testimonies

Here are some examples of what customers had to say about Sophos:

“Bravo Sophos for this outstanding firewall solution; you make our life easier!”
Technical Engineer in the Media industry, $50M-250M
Review link

“Sophos Firewall empowers secure network with robust protection and scalable solutions”
Senior Manager, IT in the Banking industry, $50M-250M
Review link

“Sophos Firewall is the best option out there to stay ahead of the threats!”
Associate Manager in the Manufacturing industry, $50M-250M
Review link

“Sophos Firewall is a marvellous solution that protects us against zero-day threats”
Security Engineer in the Media industry, $50M-250M
Review link

“Sophos Endpoint provides the most robust anti-ransomware protection in the industry”
IT Manager in the Manufacturing industry, $50M-250M
Review link

“Sophos Endpoint protection combines multiple prevention techniques to reduce the attack”
IT Manager in the Education industry, Gov’t/PS/ED <5,000 employees
Review link

“Unmatched protection: Sophos Intercept X Endpoint delivers peace of mind”
Network Administrator in the Manufacturing industry, $30B+
Review link

“Sophos Intercept X [Endpoint] is one of the best products we have ever used”
IT Admin in the Transportation industry, $1B-3B
Review link

Explore Sophos solutions

Join the 600,000 organizations that trust Sophos to defend against ransomware and other advanced threats. Explore Sophos Intercept X Endpoint and Sophos Firewall today, and see why they are consistently a Gartner Peer Insights Customers’ Choice.

Source: Sophos

31

Jul

Active adversaries are highly skilled cybercriminals. They use hands-on-keyboard and AI-assisted methods to circumvent preventative security controls and execute advanced multi-stage attacks.

Organizations need adaptive security controls designed to detect, investigate, and respond to the approaches commonly used by these sophisticated threat actors. Effective response to advanced threats requires a toolset that enables security operators to make data-driven decisions faster and execute tasks with speed and efficiency.

Sophos continuously leverages the threat intelligence and cybersecurity expertise from our Sophos X-Ops unit, as well as telemetry from Sophos’ and third-party security solutions, to provide the strongest protection, detection, and response to the most advanced attacks. We are always innovating, and the latest enhancements to the Sophos Extended Detection and Response (XDR) platform provide even greater power to defend against active adversaries.

Enhanced Sophos XDR detections

Check out some of our latest enhancements in this quick demo video:

Configurable suppression rules

Security operators have greater control over the detections generated by the Sophos XDR platform using an intuitive suppression wizard, enabling analysts to focus on the most important detections and cases by suppressing confirmed-benign events. Granular rules can be created based on specific attributes including severity, detection type, MITRE ATT&CK details, and more.

Comprehensive detection summaries

Security operators need to make decisions and execute tasks at speed, so it’s crucial that threat alerts are immediately comprehensible to analysts of all skill levels. Sophos XDR detections now include “natural language” descriptions to help accelerate investigation and response.

Streamlined SophosLabs Intelix integration

Detections generated by Sophos Endpoint are now automatically sent to SophosLabs Intelix for threat classification and analysis. Detection details are now enriched with high-fidelity threat intelligence with no need to manually submit to SophosLabs.

Enhanced Microsoft 365 detections

Sophos XDR collects and analyzes comprehensive audit log data from Microsoft 365 and uses proprietary rules to identify more threats than Microsoft security tools can on their own. The latest Microsoft “platform detections” in Sophos XDR focus on identifying compromised accounts and Business Email Compromise.

The “Microsoft Office 365 Management Activity API” integration is included with Sophos XDR at no additional cost.

Sophos XDR Public APIs

Extending our open ecosystem approach, we’ve introduced two new APIs to enable organizations to integrate Sophos XDR data seamlessly into existing security operations tools and workflows.

Organizations with established security operations programs can use these new APIs to surface threat detections and case investigation details from the Sophos XDR platform in their security information and event management (SIEM), professional services automation (PSA), and IT service management (ITSM) tools, providing the flexibility to leverage these existing investments.

  • Accelerate investigation and response – enable automated workflows that leverage Sophos XDR detections and case details
  • Centralize analysis of security telemetry – correlate Sophos XDR detections with alerts and telemetry from other data sources
  • Enrich with third-party threat intelligence – augment Sophos XDR detections with additional threat intelligence for added context

Learn more in our documentation: Detections API | Cases API

Increase multi-dimensional visibility with technology integrations

Active adversaries execute attacks that cross multiple domains across the victim’s environment – the full scope of which cannot be detected by a single point product. Telemetry from multiple sources is needed to provide a more complete view of an active adversary’s activity at each stage of an attack.

The Sophos XDR platform collects, correlates, and analyzes data from a wide range of event sources, while automated actions and optimized workflows allow analysts to detect, investigate, and respond to active adversaries at speed across all key attack surfaces.

We are constantly expanding our expansive partner ecosystem with additional turnkey integrations with endpoint, firewall, network, email, cloud, identity, productivity, and backup solutions.

New integrations available for Sophos XDR and Sophos MDR customers include the following:

Microsoft Graph security integration (Version 2)

By ingesting, correlating, and analyzing telemetry via the Microsoft Graph security and Microsoft Office 365 Management Activity APIs, the Sophos platform uses advanced proprietary threat detection rules to identify threats that could otherwise be missed. These turnkey Microsoft integrations are included with Sophos XDR and Sophos MDR subscriptions at no additional cost, and over 20,000 customers are already using them to extend visibility and protection across their IT environments.

In July, we are releasing a new version of our Microsoft Graph security integration. The new version, called “Microsoft Graph security API (Alerts v2)”, provides additional information from a broad range of Microsoft security solutions that analysts can use to accelerate detection, investigation, and response. And yes, the new version will still be included in the standard price of Sophos XDR and Sophos MDR!

Quickly identify vulnerable endpoints and servers

Identifying devices that are potentially exposed to threats is critical for managing cybersecurity risk. We’ve recently introduced a new Device Exposure dashboard in the Sophos Central console that provides Sophos XDR and Sophos MDR customers with a clear overview of endpoint and server devices missing critical operating system updates. The visualization highlights the time elapsed since the last OS updates were applied, with one-click access to customizable queries for further details.

Learn more about the new Device Exposure dashboard

Vulnerability management delivered as a managed service

The modern attack surface continues to grow beyond the borders of traditional on-premises IT, and most organizations now have a significant number of internet-facing assets they don’t even realize they own, let alone understand whether they are vulnerable to attack. With our latest service offering – Sophos Managed Risk, powered by Tenable – our dedicated team of experts helps eliminate blind spots in your external attack surface and prioritizes remediation efforts based on the exposures that pose the highest risk to your organization.

Recognized by industry experts and customers

Sophos XDR and Sophos MDR continue to garner high praise from customers and industry experts for superior detection, investigation, and response capabilities.

Elevate your defenses against active adversaries

To learn more and explore how Sophos XDR can help your organization better defend against active adversaries, speak with a Sophos adviser or your Sophos partner today.

You can also take it for a test drive in your own environment with a no-obligation, 30-day free trial – available from our website or (for existing Sophos customers) directly within the Sophos Central console in just a couple of clicks.

Source: Sophos

26

Jul

592 IT/cybersecurity leaders share their ransomware experiences from the last year, revealing fresh new insights into the realities facing them today.

The latest annual Sophos study of the real-world ransomware experiences of financial services organizations explores the full victim journey, from attack rate and root cause to operational impact and business outcomes.

This year’s report sheds light on new areas of study for the sector, including an exploration of ransom demands vs. ransom payments and how often financial services organizations receive support from law enforcement bodies to remediate the attack.

Download the report to get the full findings.

Attack rates have remained steady, but recovery is more expensive

65% of financial services organizations were hit by ransomware in 2024, in line with the 64% rate reported in 2023 but above the rate reported in the previous two years.

90% of financial services organizations hit by ransomware in the past year said that cybercriminals attempted to compromise their backups during the attack. Of the attempts, just under half (48%) were successful – one of the lowest rates of backup compromises across sectors.

49% of ransomware attacks on financial services organizations resulted in data encryption, a substantial drop from the 81% encryption rate reported in 2023. The sector reported the lowest data encryption rate across all sectors and the highest success rate in stopping attacks before data can be encrypted.

The mean cost in financial services organizations to recover from a ransomware attack was $2.58M in 2024, an increase from the $2.23M reported in 2023.

Devices impacted in a ransomware attack

On average, 43% of computers in financial services organizations are impacted by a ransomware attack, a little below the cross-sector average of 49%. Having your full environment encrypted is extremely rare, with only 4% of organizations reporting that 91% or more of their devices were impacted.

The propensity to pay the ransom has increased in financial services

62% of financial services organizations restored encrypted data using backups, and 51% paid the ransom to get data back. In comparison, globally, 68% used backups and 56% paid the ransom.

The three-year view of financial services organizations reveals that the gap between the use of backups and ransom payment has narrowed over the last 12 months. In 2023, 69% of financial services organizations used backups, and 43% paid the ransom to restore encrypted data after the attack.

A notable change over the last year is the increase in the propensity for victims to use multiple approaches to recover encrypted data (e.g., paying the ransom and using backups). In this year’s study, 37% of financial services organizations that had data encrypted reported using more than one method, more than double the rate reported in 2023 (16%).

Financial services victims rarely pay the initial ransom sum demanded

90 financial services respondents whose organizations paid the ransom shared the actual sum paid, revealing that the average (median) payment was $2M in 2024.

Only 18% paid the initial ransom demand. 67% paid less than the original demand, while 15% paid more. On average, across all financial services respondents, organizations paid 75% of the initial ransom demanded by adversaries.

Download the full report for more insights into ransom payments and many other areas.

Source: Sophos

23

Jul

G2 just released their Summer 2024 Reports, and Sophos is the only cybersecurity provider named a Leader across the G2 Grid® Reports for Endpoint Protection Suites, Endpoint Detection and Response (EDR), Extended Detection and Response (XDR), Firewall Software and Managed Detection and Response (MDR). Once again, G2 users also rated Sophos as the #1 overall Firewall solution – the sixth G2 seasonal report in a row for this distinction. Mid-Market and Enterprise users also rated Sophos as the #1 solution.

Sophos MDR is also ranked highly in the Summer 2024 Reports, where users rated it as the #1 overall MDR solution among Mid-Market and Enterprise customers.

Independent Sophos Customer Validation

G2 distinctions and rankings are based on independent, verified customer reviews on G2.com, the world’s largest software marketplace and peer review platform. In G2’s Summer 2024 Reports, Sophos was named an Overall Leader in five categories, as well as a Leader in 18 individual market segment Grids:

  • Endpoint Protection Suites: Overall, Enterprise, and Mid-Market Grids
  • EDR: Overall, Enterprise, Mid-Market, and Small Business Grids
  • XDR: Overall, Enterprise, Mid-Market, and Small Business Grids
  • Firewall: Overall, Enterprise, Mid-Market, and Small Business Grids
  • MDR: Overall, Enterprise, and Mid-Market Grids

What Sophos users are saying

“Sophos Firewall’s centralized management interface simplifies network security configuration and monitoring, providing a comprehensive, easy-to-understand view of security policies and events” said an IT Manager in the Enterprise segment.

“What stands out the most is how effortlessly Sophos Firewall streamlines security tasks, allowing users to focus on protecting their networks without getting bogged down in complex configurations” said a user in the Mid-Market segment.

“I don’t think I would personally sleep well at night if I didn’t know that Sophos MDR was monitoring our network 24/7/365” said an IT Manager in the Mid-Market segment.

“Sophos MDR has proven to be a fantastic cybersecurity solution for us. What really sets it apart is how quickly it can spot and deal with threats, keeping our systems secure with real-time monitoring and fast incident response” said a Systems Administrator in the Enterprise segment.

“Another thing that should be highlighted about Sophos MDR is the comfort and peace of mind of knowing that we will be notified by its team of professionals of any threat and of their work to resolve, stop and advise you to deal with that threat and thanks to its effectiveness it makes that for our part we have a low frequency of use” said a user in the Enterprise segment.

Elevate your cyber defenses with Sophos

As the G2 ratings illustrate, Sophos provides unparalleled breadth and depth of protection. Our world-leading endpoint, network, email, cloud, and security operations solutions defend over 550,000 organizations from advanced cyberthreats, including ransomware.

Whether you’re looking to upgrade your firewall, enhance your endpoint defenses, streamline and accelerate your threat investigations, or add 24/7 human-led threat detection and response, we can help.

Our solutions are tremendous on their own – and even better together. Customers running both Sophos Intercept X Endpoint and Sophos Firewall consistently report that they are able to double the efficiency of their IT/cybersecurity team and realize a reduction of up to 85% in the number of security incidents that require investigation. With Sophos you can build a long-term security strategy with confidence. Wherever you start, and whatever your goals, Sophos can help you enjoy superior cybersecurity outcomes.

For more information on our services and products, speak to your Sophos partner or representative and visit our website.

Source: Sophos

19

Jul

Security awareness training helps organizations worldwide reduce risks related to cyber security, build vital threat resilience, and create a strong security-aware culture.

What is Security Awareness Training?

Security awareness training is the practice of educating employees, contractors, partners, and other stakeholders on how they can safeguard sensitive information from cyber threats. Additionally, this process also informs training participants on how they can keep various systems, networks, online accounts, and other digital assets safe from hackers.

Why is Security Awareness Training Important?

Security awareness training helps organizations reduce risk related to the human side of cyber security and build a strong security-aware culture across all business units. To achieve this, CISOs and other security leaders construct risk-based awareness training programs that target unsafe behaviors like clicking on a phishing email link or downloading a malicious attachment.

With a security awareness program in place, organizations strengthen information security and protect sensitive data like personally identifiable information (PII), intellectual property (IP), and access to confidential accounts, such as bank accounts. Awareness training can also help ensure employees comply with industry or regional data privacy regulations, such as GDPR.

As organizations improve their security awareness maturity model, they often see a sharp decrease in cyber security-related costs, as well as a positive impact on their productivity, revenue generation, and brand reputation.

Does Security Awareness Training Work?

Because all cyber attacks are rooted in human behavior manipulation, security awareness training is the most effective tool to safeguard sensitive information from hackers. By giving employees the knowledge needed to detect and report common threats, organizations minimize the possibility of data breaches compromising their data.

That said, effective training is grounded in effective security awareness planning. An organization’s security awareness professionals must establish clear cyber security goals, the metrics they’ll use to measure performance, and actionable strategies to attain or exceed those goals. Boosting employee training participation and completion rates must also be considered.

According to the 2021 Gone Phishing Tournament results, one in every five end users clicks on suspicious phishing message links. Of those who clicked, three-quarters compromised their data. By implementing dynamic security awareness training options, organizations can avoid extended downtime, revenue loss, and other data breach consequences.

What Should a Security Awareness Program Include?

The best security awareness solutions combine a variety of different learning activities to deliver an engaging, informative, and fun experience (yes, work-based training can and should be fun!). Common training program components include (but are not limited to): online courses, quizzes, interactive modules like Serious Games, phishing simulations, and ongoing communication campaigns.

Security awareness program topics will vary based on an organization’s goals and maturity level. However, it’s important to cover a solid spectrum of security awareness fundamentals, such as phishing, social engineering, ransomware, malware, email security, and password best practices. A solid knowledge foundation will improve knowledge retention and phishing simulation performance.

How Do You Implement Security Awareness Training?

The goal of security awareness training is about more than meeting compliance standards or ticking corporate mandates off a checklist. Organizations must strive to build vital cyber threat resilience, based on real-world intel, and, using that momentum, foster an internal culture that prioritizes continuous security awareness education.

To get the most out of your training program, you must implement each element carefully and connect it to an overarching information security vision. For most security awareness teams, a successful implementation will resemble the following process:

Baseline phishing test

To accurately gauge initial end user security awareness, perform an initial baseline phishing simulation test. The results of this exercise will give the resulting security awareness report the intel needed to craft a focused, risk-based training strategy.

Expert planning and executive support

Before launching any awareness training initiatives, it’s vital to get executive support. This process can be made much easier by leveraging informed opinions based on your baseline security awareness report and industry expertise, such as in-house Terranova Security CISO resources.

Engaging, multilingual training content

To maximize your training program’s ROI, your security awareness content must be engaging, informative, and, above all else, provide a fun learning experience for all participants. Be sure to offer training content in various modules, formats, and languages, which will enable you to benefit from increased participation, reduced risk, and changed behaviors.

Phishing training modules

Every organization needs a safe way to train employees about real-world threats and put their cyber security knowledge into practice. Because of this, phishing simulations are a key ingredient for security awareness success. They can also allow your organization to assess training content effectiveness and ensure you’re always targeting the right behavior change.

Reinforcement tools

To support your awareness training initiatives with consistent, impactful messaging and learning opportunities, reinforcement and communication tools are essential. From newsletters and infographics to videos, web banners, and more, these assets help keep participation and engagement rates high while also emphasizing key cyber security topics.

Dynamic, real-time reporting

With the proper analytics and reporting infrastructure in place, making data-driven decisions via an in-depth security awareness report or dashboard is easy. By customizing a reporting experience to your organization’s unique needs and goals, you’ll be able to instantly see and synthesize course and simulation results, as well as optimize your program for the long term.

Source: Terranova Security

16

Jul

Sophos is a leader in next-generation endpoint and network security. As the pioneer of synchronized security, Sophos develops its innovative portfolio of endpoint, network, encryption, web, email, and mobile security solutions to work better together.

All products that are deployed as part of the MSP Connect Flex program through Sophos Central will be included in the Datto Autotask PSA integration, including Intercept X, Disk Encryption, Endpoint, Mobile, Web, Email, Wireless, and Cloud Optix.

  • Sophos Central will automatically create all products in Autotask PSA
  • Sophos will automatically update the service contract nightly to provide up-to-date billing information on all Sophos products deployed across an MSP’s customer base
  • The integration will provide ongoing, real-time data to Autotask PSA
  • The integration additionally supports manual syncs to Autotask PSA

Available worldwide in English, German, French, Japanese, Italian, Trad. Chinese, Spanish, Portuguese, Korean.

About the Datto Autotask PSA integration

You can connect your Sophos Central Partner account to Autotask, which is a Professional Services Automation (PSA) tool, if the following conditions are met:

  • You’re part of the Sophos Managed Service Provider (MSP) program.
  • You use Sophos Central Partner.
  • You use Autotask.

Sophos Central alerts can be synced into the PSA as tickets and can be acknowledged from both Sophos Central and the PSA system. Each PSA ticket includes a URL linking directly to the endpoint or server’s device details page, providing quick access to the Computer Summary or Server Summary pages. This eliminates the need to track email alerts, manually set PSA ticket attributes for PSA-ingested emails, acknowledge alerts separately in Sophos Central and Autotask, and manually search for customers and devices in Sophos Central.

You can synchronize your Sophos product usage data from your monthly customer accounts with Autotask. The ability to create Autotask services from Sophos, map those services to Sophos products, and set intervals for syncing license usage data into Autotask eliminates the need for manual updates in two places. This makes it easier to bill customers for the products they use.

MSPs can streamline alert management with enhanced PSA integrations

Sophos Managed Service Provider (MSP) partners benefit from lower overheads and increased operational efficiencies thanks to a unified Sophos Central security platform, security vendor consolidation, and integrations with popular MSP automation tools.

As part of the Sophos MSP Connect Flex program, our Datto Autotask and ConnectWise PSA integrations provide visibility of your customers’ usage for all products and services deployed through the Sophos Central platform, enabling you to easily bill for the solutions they use.

We are delighted to announce significant new enhancements to these PSA integrations to boost your team’s effectiveness and reduce the operational burden of alert management.

New Datto Autotask PSA ticketing integration

You can now automatically create Autotask PSA service tickets from Sophos Central alerts, saving your team significant time and effort.

  • No need to track alert emails or log into Sophos Central to review and acknowledge alerts.
  • The integration automatically assigns the severity, affected customer, and ticket category when creating Autotask PSA service tickets from Sophos Central alerts, removing this time-consuming manual task.
  • Bi-directional synchronization means that closing a ticket in the Autotask PSA tool automatically closes the associated alert in Sophos Central – and vice versa.
  • New deep links in Autotask service tickets provide direct access to ‘device details’ pages in Sophos Central. This enhancement removes the need to manually search for the customer and the device in the console – saving you an estimated 20 seconds for every alert, at a minimum.

Learn more here.

Source: Sophos and Datto


10

Jul

The Sophos Email and X-Ops teams are incredibly pleased to announce that Sophos Email has achieved top marks in VBSpam’s latest email comparative review for June 2024, earning it Virus Bulletin’s SPAM+ certification award.

Sophos Email was the only solution to block all the malware and phishing samples in the test, while also classifying all ham and newsletter samples correctly with zero false positives.

Over a 16-day period, this comprehensive evaluation bombarded our email security engine with over 140,000 malicious and spam-related emails, and our product correctly identified 100% of all the malware, phishing, and newsletter mail and 99.98% of other unwanted mail.

This test is a fantastic validation of all the investment and effort Sophos has made in ensuring customers get the best messaging protection for their organizations, keeping their inboxes clear of spam and security threats.

Learn more about Sophos Email.

Source: Sophos

5

Jul

MITRE ATT&CK® stands for MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK). The MITRE ATT&CK framework is a curated knowledge base and model for cyber adversary behavior, reflecting the various phases of an adversary’s attack lifecycle and the platforms they are known to target.

MITRE Engenuity™ has released the results from the latest round of ATT&CK® Evaluations for Managed Services, assessing the abilities of 11 vendors to detect, analyze, and accurately describe real-world adversary behavior.

This was the second round of ATT&CK Evaluations for Managed Services, initially launched in 2022, to help organizations better understand how offerings like Sophos MDR can help protect them against sophisticated, multi-stage attacks.

Watch this short video for an overview of the evaluation:

What was the scope of the ATT&CK Evaluations?

MITRE Engenuity ATT&CK Evaluations are designed to simulate a representative example of how organizations should expect a managed service provider to engage with them during a sophisticated attack.

The MITRE Engenuity team emulates the behaviors of known threat actors during the evaluation. A ‘black box’ approach was used in this round, whereby MITRE did not disclose the simulated threat actor(s) or the technique scope until the assessment was complete.

This evaluation emulated tactics and techniques used by two known threat groups – menuPass and ALPHV/BlackCat – and assessed each vendor’s abilities to detect and report specific adversary activities.

In total, the evaluation comprised 172 adversary activities (sub-steps) across 15 overall steps. Note, however, that only 43 of the sub-steps – those that MITRE Engenuity considered critical for attack sequence success – were included in the results.

The evaluation focused entirely on detection and reporting. The ability to block, respond to, or remediate threats was not assessed. It’s essential, therefore, to keep in mind that adversary behaviors emulated in this evaluation may have been blocked by protection technologies (e.g., next-gen endpoint tools), which vendors needed to deactivate during the evaluation.

Evaluation participants

Eleven managed security service providers participated in this evaluation round:

  • Bitdefender
  • BlackBerry
  • CrowdStrike
  • Field Effect
  • Microsoft
  • Palo Alto Networks
  • SecurityHQ
  • Secureworks
  • SentinelOne
  • Sophos
  • Trend Micro

Sophos’ results

The results of MITRE ATT&CK Evaluations can be interpreted in multiple ways and MITRE Engenuity does not rank or declare any vendor a “winner” or a “leader”. Each vendor’s managed service reports information differently and each organization’s needs and preferences are just as important as the results themselves.

Sophos successfully “Reported” and accurately described 84% of the 43 adversary activities (sub-steps) selected by MITRE Engenuity – higher than the average among participating vendors. The majority (75%) of Sophos’ detections were also categorized as “Actionable”. “Reported” means the adversary activity was successfully identified and sufficient context was provided; where the reported information also addresses the “5 W’s” (Who, What, When, Where, and Why), the activity was further categorized as “Actionable”.

The results also include the number of alert emails sent by each vendor.

To ensure an effective, understandable, and actionable response, Sophos MDR focuses on providing high-value, human-written notifications containing the critical information and context that customers need to know.

During the 5-day MITRE ATT&CK Evaluation for Managed Services, Sophos MDR sent 24 emails. The average among other participants was over 120 emails, with some vendors sending more than 300 emails. Alert fatigue, caused by an overwhelming number of notifications from security solutions, is a major problem in cybersecurity. Sophos understands that your organization’s time is valuable, and when resources are limited, quality is typically better than quantity.

How to use results of MITRE Engenuity ATT&CK Evaluations

ATT&CK Evaluations are among the world’s most respected independent security tests, due in large part to the thoughtful construction and emulation of real-world attack scenarios, transparency of results, and richness of participant information.

When considering a Managed Detection and Response (MDR) service, be sure to review the results from MITRE Engenuity ATT&CK Evaluations alongside other reputable third-party proof points, including verified customer reviews, and analyst evaluations.

As you review the data available in MITRE Engenuity’s evaluation portal, look beyond the numbers and consider the following, keeping in mind that there are some questions about managed security services that the ATT&CK Evaluations cannot help you answer. For example:

  • Does the service present information to you the way you want it, with high-value communications containing the critical information you need to know?
  • Does the service assume you have an in-house security operations team, or can they provide a full ‘instant SOC’ with the ability to take action to eliminate threats on your behalf?
  • Who will be engaging the managed service provider on a day-to-day basis? IT Administrators, experienced security analysts, or perhaps both?
  • Can the service integrate with other technologies in your environment to detect and respond to multi-stage threats that extend beyond endpoints (e.g., firewall, email, cloud, identity, network, backup and recovery, etc.)?
  • Does the service include full remote incident response, and are the included IR services limited to a fixed number of hours, or uncapped?

Why we participate

Sophos is committed to participating in MITRE Engenuity ATT&CK Evaluations alongside some of the best security vendors in the industry. As a community, we are united against a common enemy. These evaluations help make us better, individually and collectively, for the benefit of the organizations we defend.

Our participation in the latest evaluation further validates Sophos’ position as an industry-leading Managed Detection and Response (MDR) provider and trusted cybersecurity partner to over 22,000 customers.

To learn more about Sophos MDR and how it can support you, visit our website or speak with a security expert today.

Source: Sophos

2

Jul

Remote network monitoring allows IT to stay connected and monitor their organization’s network infrastructure from anywhere in the world. Remote network monitoring offers convenience and flexibility for network engineers managing off-site networks, IT consultants monitoring traffic for clients, managed service providers, or network administrators who simply couldn’t be on-prem on a given day.

By enabling IT to check the performance, security, and health of critical network devices at any time and from anywhere, organizations can significantly minimize downtime. Instead of discovering issues upon returning to work, requiring the assistance of a local technician, or dispatching someone to the facilities, RMON allows IT to respond to network issues instantly from anywhere in the world.

What’s the Purpose of Remote Network Monitoring (RMON)?

Many modern organizations have network equipment located in multiple locations that they need to manage. Making sure routers, switches, servers, and other network equipment is up and running everywhere is critical to smooth business operations. But geographically dispersed networks can make ensuring constant uptime a challenge for IT departments.

Also, in a mobile age, you and your staff are not always in a physical office. Sometimes you’re in the field. Sometimes you work from home. Maybe you have IT staff who work remotely and want remote network monitoring access. Can you give key IT personnel access to your network management tools from anywhere, without risking security breaches? Your organization needs the benefits of remote monitoring.

Remote network management allows IT to use tools to manage network performance no matter where your network devices (or you) are located. Think your company could benefit from remote network management and monitoring? Here are five ways remote access benefits you and your IT team.

Top 5 Benefits of Remote Network Monitoring

1. You can monitor remote offices wherever they’re located.

If your network spans multiple locations, remote network monitoring software allows you to manage devices in every location. For instance, let’s say you manage the network for a school district with various campuses, or are monitoring local and regional branches of a financial institution. Remote monitoring tools give you visibility into how devices in your central location, as well as all the remote locations, are performing. You can also get alerts wherever and whenever performance falters. To easily distinguish office or branch locations, you can set up location-specific network maps tracking device statuses for that particular location.

Remote network management capabilities are especially helpful for companies that have a small team stationed in one spot but are responsible for managing the entire network. With remote network access, if a device goes down, you don’t have to travel to that location to troubleshoot. This saves IT administrators time, increases your productivity, and enables you to rest easy knowing the whole network is under your surveillance.

Consultants responsible for monitoring client networks and managed service providers (MSPs) also benefit from the ability to monitor a remote location without being on site.

2. IT staff in other offices can monitor the network in real time.

If you have IT team members spread out across locations who are responsible for monitoring network performance, remote access enables those IT staff in other offices, cities, branches, or even countries to view network performance in real-time—even if the software server is installed at headquarters.

This means that if a device goes down at a remote location, a network engineer located there can troubleshoot without necessarily getting you involved. They also don’t have to ask you what you’re seeing on your end; they can see up-to-date network maps and metrics for themselves.

3. You and your IT staff can be mobile without risking network neglect.

Having remote access to the network means your IT team doesn’t have to be on-site constantly. If you need to work from the coffee shop or at home, with remote access to the network you can still see the status of network devices on your laptop or mobile device. Mobile network monitoring keeps network data at your fingertips so you never risk outages from lack of access.

4. Access levels can be managed to ensure security.

Some network administrators may balk at the idea of remote access because of potential security threats to the network. One way to secure the network is to require encrypted authentication and make sure that every user has to log in the same way.

Another safeguard against security issues is the ability to customize user access. Most remote network monitoring tools allow you to give access at the admin or user level to certain maps or dashboards. Managing access for your users helps tremendously to keep the connection secure.

Also, find a tool that will update and provide patches whenever security holes surface. Although security threats are a fact of life, good tools will quickly notify users when a patch has been released so you can take advantage of increased security measures as soon as possible.

5. With proper connectivity, you’ll always have access.

To get remote access benefits, it simply requires… access. As long as you have direct access to the network via VPN or point-to-point connectivity, you’ll be able to manage and monitor all the critical devices within your network, regardless of where you or they are located.

By allowing remote monitoring capabilities for you and your other IT network staff, you give yourself the kind of flexibility that the modern work world requires. You also gain peace of mind that no matter where you are, you can see the whole network at a glance, whether it spans a city, country, or the world.

What Does Remote Network Monitoring Software Help With?

If you’re managing the network across locations or on the go, it’s clear that remote monitoring is essential. Do you have the right tools? Remote network monitoring software can give you the visibility you need to monitor a widespread network.

Create a Dynamic Network Map

Remote network monitoring software like Intermapper allows you to create a dynamic network map, offering a real-time view of your network’s status. With color-coded indicators, you can easily see which devices are functioning and which are experiencing issues. Various map layouts and icon options let you customize the view to reflect your unique IT environment.

Minimize Impact on Users

Remote network monitoring software keeps you informed by sending real-time alerts via text, email, sound, and more whenever there’s a problem. This enables you to address and resolve technology issues swiftly, minimizing impact on users or customers.

Troubleshoot Problems Quicker

Quickly identify and resolve problems across your distributed network in seconds rather than hours. This efficiency saves you and your IT team time, reduces frustration, and ensures customer and user satisfaction.

Source: Fortra

28

Jun

The main difference between passkeys and 2FA is that passkeys completely remove the need for individuals to enter a password, whereas 2FA enhances the security of an account by requiring an additional method of authentication in addition to a traditional username and password.

Continue reading to learn more about the differences and similarities between passkeys and 2FA, and which is more secure.

What are passkeys?

Passkeys are a type of passwordless authentication that enables users to log in to accounts and applications without entering a password. Instead, passkeys leverage how you unlock your devices such as by entering a passcode, using your biometrics (e.g. Face ID, fingerprint) or using a swipe pattern.

What is 2FA?

Two-Factor Authentication (2FA) is a second form of authentication that is used to verify your identity after you’ve already entered your username and password correctly. When 2FA is enabled on an account, it adds an extra layer of security to ensure that only you have the means to access your account. Some examples of 2FA include the following:

Key differences between passkeys and 2FA

Here are some of the key differences between passkeys and 2FA.

Passkeys completely remove the need to enter a password, 2FA doesn’t

When you enable passkeys on your account, you no longer need to enter a password. Since passwords are removed from the login process, your account is no longer susceptible to password-related attacks, phishing, and data breaches. This differs from 2FA, which enhances the security of your password-protected account by requiring an additional verification method, meaning your password is still vulnerable to compromise. However, this is also what makes 2FA important to enable on your accounts, since it greatly reduces the risk of your account being breached due to a compromised password.

Passkeys aren’t vulnerable to being intercepted, some 2FA methods are

Another key difference between passkeys and 2FA is that because passkeys are automatic (they don’t require the user to manually type anything), they’re not vulnerable to being intercepted, whereas some 2FA methods are vulnerable. Some of the most commonly used 2FA methods are 2FA codes sent through text message and email. While these 2FA methods are convenient, they’re also the least secure since they can be easily intercepted by cybercriminals, which increases the likelihood of your account being compromised. Cybercriminals can also use phishing tactics to get victims to reveal their 2FA codes.

While passkeys and 2FA have some differences, they share the similarity of being used to make accounts more secure by eliminating one-factor authentication, which refers to only signing in with a username and password.

Are passkeys more secure than traditional 2FA methods?

Yes, passkeys are more secure than traditional 2FA methods because they remove passwords (which are susceptible to password-related attacks), are phishing-resistant, and support 2FA by design. Many people fail to enable 2FA because they find it difficult to use or don’t like the additional time it takes to log in with it. This often leads to people only securing their accounts with passwords and nothing else, making it much easier for cybercriminals to gain access to them.

With passkeys, users no longer need to worry about their accounts being less secure because they don’t want to enable 2FA. After all, passkeys require authentication before being used so 2FA is a part of the passkey login process.
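The two claims above, that a code-based second factor can be intercepted or phished while a passkey cannot, come down to what the site actually verifies. The following is an added example in Python; it is not Keeper’s code. The passkey signature is modelled with an HMAC over a per-origin secret that both the device and the site hold, a labelled simplification of the private/public key pair a real passkey uses; the origin-binding and single-use challenge logic is the same. All origins, secrets and timestamps are constructed.

```python
"""Added example (not Keeper's code): why a one-time code relayed through a
look-alike site still verifies, while a passkey assertion does not.

Simplification: the passkey signature is modelled with HMAC over a per-origin
secret held by both authenticator and relying party. A real passkey signs with a
private key that never leaves the device; the origin and challenge checks shown
here are the same. All origins, secrets and times are constructed.
"""
import hashlib
import hmac
import json
import secrets
import struct
from typing import Dict, Optional


# ---------- Code-based 2FA: TOTP-style one-time code (RFC 6238 shape) ----------
def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Derive the time-based code the user reads from their authenticator app."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % 10 ** digits:0{digits}d}"


def site_accepts_code(secret: bytes, submitted: str, unix_time: int) -> bool:
    """The genuine site cannot tell which page the user typed the code into."""
    return hmac.compare_digest(submitted, totp(secret, unix_time))


# ---------- Passkey-style login: origin-bound challenge/response ----------
class Authenticator:
    """Device-side passkey store: one credential per relying-party origin."""

    def __init__(self) -> None:
        self._keys: Dict[str, bytes] = {}

    def register(self, origin: str) -> bytes:
        key = secrets.token_bytes(32)  # stand-in for the key pair (see docstring)
        self._keys[origin] = key
        return key

    def get_assertion(self, origin: str, challenge: bytes) -> Optional[dict]:
        """The browser, not the page, supplies `origin`; the key is looked up by it."""
        key = self._keys.get(origin)
        if key is None:
            return None  # no passkey exists for this origin, so nothing is signed
        client_data = json.dumps(
            {"origin": origin, "challenge": challenge.hex()}, sort_keys=True
        ).encode()
        return {"client_data": client_data,
                "signature": hmac.new(key, client_data, hashlib.sha256).digest()}


class RelyingParty:
    """Server side: issues single-use challenges and checks origin and signature."""

    def __init__(self, origin: str) -> None:
        self.origin = origin
        self.key: Optional[bytes] = None
        self._pending: set = set()

    def issue_challenge(self) -> bytes:
        challenge = secrets.token_bytes(16)
        self._pending.add(challenge)
        return challenge

    def verify(self, assertion: Optional[dict]) -> bool:
        if assertion is None or self.key is None:
            return False
        data = json.loads(assertion["client_data"])
        challenge = bytes.fromhex(data["challenge"])
        # Reject anything signed for another origin or for a challenge we did not issue.
        if data["origin"] != self.origin or challenge not in self._pending:
            return False
        self._pending.discard(challenge)  # single use: an assertion cannot be replayed
        expected = hmac.new(self.key, assertion["client_data"], hashlib.sha256).digest()
        return hmac.compare_digest(expected, assertion["signature"])


def demo() -> Dict[str, bool]:
    """Constructed scenario: a genuine site and a look-alike site relaying its challenge."""
    genuine, lookalike = "https://bank.example", "https://bank-login.example"

    # Code-based 2FA: the code is just digits, so wherever it was typed it still verifies.
    totp_secret = secrets.token_bytes(20)
    now = 1_700_000_000
    relayed_code_accepted = site_accepts_code(totp_secret, totp(totp_secret, now), now)

    # Passkey: the device only holds a credential scoped to the genuine origin.
    auth, rp = Authenticator(), RelyingParty(genuine)
    rp.key = auth.register(genuine)
    genuine_login = rp.verify(auth.get_assertion(genuine, rp.issue_challenge()))
    phished_login = rp.verify(auth.get_assertion(lookalike, rp.issue_challenge()))
    return {"relayed_code_accepted": relayed_code_accepted,
            "genuine_login": genuine_login, "phished_login": phished_login}


if __name__ == "__main__":
    print(demo())
```

The relying party rejects an assertion on two independent grounds: the origin recorded by the browser does not match its own, and a challenge is accepted only once. The TOTP path has neither check, which is why a code the user reads out or types somewhere else is indistinguishable from a genuine login.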

Use passkeys to keep your online accounts secure

Passkeys should be set up on every website and app they’re available on. To see which apps and websites currently support the use of passkeys as a sign-in or Multi-Factor Authentication (MFA) method, check out our Passkeys Directory.

For websites and apps that don’t currently support passkeys, you’ll have to ensure your passwords are strong and have 2FA enabled. A password manager like Keeper® can aid you with creating and managing all of your passwords, passkeys and 2FA codes. By storing your passwords, passkeys and 2FA codes in Keeper, you’ll be able to access them from anywhere, no matter what device you’re using, making the login process more secure and convenient.

To see how Keeper Password Manager can aid you with securely managing your passwords, passkeys and 2FA codes, start a free 30-day trial today.

Source: Keeper

25

Jun

Network monitoring involves the continuous surveillance of computer networks to detect issues like slow traffic or component failure, as well as alerting administrators to these issues to prevent disruptions and prolonged downtime.

What Are the Benefits of Network Monitoring? 

Implementing network monitoring offers several benefits to organizations. Firstly, it allows them to stay ahead of outages by providing visibility into network performance, helping to identify potential issues before they impact end users. Organizations like this medical device company rely heavily on network monitoring to alert them to potential upcoming outages and assist them with troubleshooting how to resolve them so that operations are not interrupted.

Secondly, network monitoring enables faster issue resolution. In network emergency situations where time is of the essence, it’s important for IT to be able to quickly pinpoint the source of a problem. The live network maps and performance metric analysis that network monitoring tools are often equipped with provide the visibility necessary to quickly locate the root of an issue and resolve it. Organizations like Vasttrafik – a Swedish transportation service – leverage the visibility that network monitoring provides them to keep their services up and running 24/7.

Moreover, network monitoring delivers immediate return on investment (ROI) by alleviating the burden of manually mapping and monitoring networks for IT teams and reducing the costs associated with outages. Greater Media Detroit’s use of network monitoring exemplifies how it enhances end-user experiences and minimizes disruptions, translating into tangible benefits for organizations.

Additionally, as IT environments evolve with technological advancements and increased connectivity, network monitoring has become indispensable in managing growing and changing networks. Take the education sector for example: As educators use mobile devices, online applications, and other EdTech to create innovative learning experiences, network uptime has never been more important. That’s why institutions like Decatur City Schools are turning to network monitoring to effectively manage the proliferation of connected devices and ensure smooth network performance amidst complexities and transitions.

Why Do You Need Network Monitoring?

Network monitoring is proactive by nature, meaning its primary use is for pointing out potential performance issues and bottlenecks before they happen. Without network monitoring, organizations are opening themselves up to a world of dangerous and damaging possibilities.

Human error and configuration issues typically go hand in hand, and commonly result in minor performance issues that snowball into network outages and disruptions. Even the best network professionals don’t always get it right, which is why it’s important to support them with network monitoring technology.

A lack of network visibility is another dangerous side effect that comes with an absence of network monitoring. A survey by Forrester indicated that 81% of IT leaders believe network visibility is essential for strong network security and response. In other words, organizations cannot afford lengthy fixes of critical IT issues and could save a fortune by investing in network visibility technology.

How Does Network Monitoring Work?

The first phase of network monitoring involves the discovery of devices and the mapping of their connections. Depending on your monitoring needs, you can customize your map to show your entire distributed network, just an IP address range, or even a single subnet. After this step, you should have a clear picture of your entire network and how your devices relate to one another.

Next, you must define performance benchmarks for your network devices so that a polling engine has a point of comparison on which to base alerting decisions. At this stage, you can also define the cadence at which you prefer to monitor, or poll, your devices based on their priority level. For example, laptops may require less frequent monitoring than network infrastructure components like routers and servers.

Once you have visibility into your network and have specified how you want each device monitored, the network monitoring tool uses network monitoring protocols to carry out the actual polling and alerting.
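To make the three phases (discovery and mapping, benchmarks and cadence, polling and alerting) concrete, here is an added example in Python; it is not Fortra’s or Intermapper’s code. The device inventory, addresses, thresholds and poll intervals are constructed, and `sample_probe` stands in for the SNMP or ICMP poll a real tool would perform. It also shows a design choice the text only implies: the engine alerts when a device changes state, not on every poll that breaches a benchmark.

```python
"""Added example (not Fortra's or Intermapper's code): a minimal polling engine
covering discovery, per-priority cadence, benchmark comparison and alerting.
Inventory, addresses, benchmarks and the metric probe are constructed; the probe
stands in for an SNMP or ICMP poll."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

# Poll cadence by device priority, in seconds (constructed values).
CADENCE = {"core": 30, "server": 60, "endpoint": 300}

Metrics = Optional[Dict[str, float]]  # None means the device did not answer


@dataclass
class Device:
    name: str
    address: str
    priority: str
    benchmarks: Dict[str, float]      # metric -> highest acceptable value
    last_polled: int = -1
    state: str = "unknown"            # "up", "degraded" or "down"
    polls: int = 0


@dataclass
class Alert:
    t: int
    device: str
    old_state: str
    new_state: str
    detail: str


def discover() -> List[Device]:
    """Phase 1: the device inventory and its benchmarks (constructed)."""
    return [
        Device("core-sw1", "10.0.0.1", "core", {"latency_ms": 50.0, "packet_loss_pct": 1.0}),
        Device("web01", "10.0.0.20", "server", {"cpu_pct": 90.0, "latency_ms": 50.0}),
        Device("lt-finance-07", "10.0.5.41", "endpoint", {"cpu_pct": 95.0}),
    ]


def sample_probe(address: str, t: int) -> Metrics:
    """Constructed stand-in for an SNMP/ICMP poll of `address` at time t."""
    if address == "10.0.0.1":   # core switch: latency spike between t=60 and t=120
        return {"latency_ms": 150.0 if 60 <= t <= 120 else 4.0, "packet_loss_pct": 0.0}
    if address == "10.0.0.20":  # web server: stops answering from t=200 on
        return None if t >= 200 else {"cpu_pct": 40.0, "latency_ms": 2.0}
    return {"cpu_pct": 20.0}    # laptop: always healthy


def evaluate(sample: Metrics, benchmarks: Dict[str, float]) -> Tuple[str, str]:
    """Phase 2: compare one poll result with the device's benchmarks."""
    if sample is None:
        return "down", "no response"
    breaches = [f"{k}={v} exceeds {benchmarks[k]}" for k, v in sample.items()
                if k in benchmarks and v > benchmarks[k]]
    return ("degraded", "; ".join(breaches)) if breaches else ("up", "within benchmarks")


def run_poller(devices: List[Device], probe: Callable[[str, int], Metrics],
               start: int, end: int, tick: int = 10) -> List[Alert]:
    """Phase 3: poll each device at its cadence; alert only when its state changes.

    Alerting on transitions rather than on every breaching poll is what keeps a
    sustained problem from producing a flood of identical notifications."""
    alerts: List[Alert] = []
    for t in range(start, end + 1, tick):
        for d in devices:
            if d.last_polled >= 0 and t - d.last_polled < CADENCE[d.priority]:
                continue  # not due yet at this priority's cadence
            d.last_polled, d.polls = t, d.polls + 1
            new_state, detail = evaluate(probe(d.address, t), d.benchmarks)
            if new_state != d.state:  # the first poll reports the discovered state once
                alerts.append(Alert(t, d.name, d.state, new_state, detail))
                d.state = new_state
    return alerts


def demo() -> Tuple[List[Device], List[Alert]]:
    """Run the constructed inventory over a five-minute window."""
    devices = discover()
    alerts = run_poller(devices, sample_probe, start=0, end=300)
    return devices, alerts


if __name__ == "__main__":
    for a in demo()[1]:
        print(f"t={a.t:>3}s {a.device:<14} {a.old_state} -> {a.new_state}: {a.detail}")
```

Over the 300-second window the core switch is polled 11 times, the server 6 times and the laptop twice, yet only six alerts are raised: the initial state of each device, the switch going degraded and recovering, and the server going down. Swapping `sample_probe` for a real SNMP or ICMP poll is the only change needed to point this at live devices.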

How Many Types of Network Monitoring Are There?

SNMP

The Simple Network Management Protocol (SNMP) is an application layer protocol that is used to collect data related to network changes or statuses of network-connected devices.

ICMP

The Internet Control Message Protocol (ICMP) is used by network devices such as routers to communicate error information and other updates to other network devices.

CDP

The Cisco Discovery Protocol (CDP) is a link layer device protocol used to share information with other Cisco equipment.

LLDP

The Link Layer Discovery Protocol (LLDP) is another Layer 2 discovery protocol, used in non-Cisco environments such as Netgear.

What Is the Most Common Tool Used for Network Monitoring?

A Network Monitoring System (NMS) is the most common tool used for network monitoring. These systems offer robust network monitoring capabilities, including monitoring and recording network performance, forecasting and detecting issues or bottlenecks, and alerting network administrators to urgent events.

NMS tools most frequently utilize application layer protocols like SNMP to collect change data or statuses from network-connected devices like routers, switches, servers, laptops, and more. Some of the most popular examples of NMS tools include:

  • Nagios is one of the favorites in the open-source community for network monitoring. If you have a strong development skillset, this tool could be a great fit for you. Otherwise, open-source network monitoring tools like Nagios and Zabbix can be time consuming and expensive to set up.
  • SolarWinds is an enterprise-level NMS that could also be considered a Network Management Software because it performs configuration management, application management, and server management. Network Performance Monitor is the specialized NMS component of SolarWinds. SolarWinds is great for large organizations with dedicated network administrators. For those with a smaller budget and less staff, SolarWinds may not be the right choice.
  • PRTG Network Monitor is an enterprise network monitoring solution that runs exclusively on Windows. It performs the critical functions of an NMS – such as helping stay ahead of outages and providing network visibility – while also offering Layer 3 mapping and automatic device discovery.
  • Intermapper is an enterprise NMS that is much easier to implement and operate than larger, more robust NMS tools. Intermapper offers real-time monitoring and alerting as well as customizable mapping and probing – so that you can track the status of anything that’s connected to your network.

These tools vary in features, scalability, and pricing, allowing organizations to choose the one that best fits their needs and budget.

Source: Fortra

20

Jun

Sophos’ latest annual study of the real-world ransomware experiences of retail organizations explores the full victim journey, from attack rate and root cause to operational impact and business outcomes.

This year’s report sheds light on new areas of study, including an exploration of ransom demands vs. ransom payments and how often retail organizations receive support from law enforcement bodies to remediate attacks.

Download the report to explore the full findings.

Attack rates have dropped, but recovery is more expensive

45% of retail organizations reported they were hit by ransomware last year. This is a notable and welcome drop from the 69% and 77% ransomware rates reported in 2023 and 2022, respectively.

92% of retail organizations hit by ransomware in the past year said that the cybercriminals attempted to compromise their backups during the attack. Of the attempts, 47% were successful.

56% of ransomware attacks on retail organizations resulted in data encryption, a considerable drop from the 71% reported in 2023 and 68% in 2022. The data encryption rate in retail was notably lower than the global cross-sector average of 70% and the lowest across all sectors other than financial services (49%).

Retail reported the second-highest data extortion rate (5%), jointly with financial services; in these attacks the data was not encrypted, but the organization was still held for ransom.

The mean cost for retail organizations to recover from a ransomware attack was $2.73M in 2024, an increase from the $1.85M reported in 2023.

Devices impacted in a ransomware attack

On average, 40% of computers in retail are impacted by a ransomware attack. Having your full environment encrypted is extremely rare, with only 2% of organizations reporting that 91% or more of their devices were impacted.

Retail’s propensity to pay the ransom has increased

66% of retail organizations restored encrypted data using backups, while 60% paid the ransom to get data back. The use of backups in retail organizations has fallen slightly for the second consecutive year, but what is more concerning is the sector’s propensity to pay the ransom, which has increased considerably over the last year.

A notable change over the last year is the increase in the propensity for victims to use multiple approaches to recover encrypted data (e.g., paying the ransom and using backups). In this year’s study, over one-third of retail organizations (39%) that had data encrypted reported using more than one method, more than double the rate reported in 2023 (16%).

Retail victims rarely pay the initial ransom sum demanded

78 retail respondents whose organizations paid the ransom shared the actual sum paid, revealing that the average (median) payment has decreased by 68% over the last year, from $3M to $950K.

Only one-third (34%) of respondents said that their payment matched the original request. 53% paid less than the original demand, while only 14% paid more.

Download the full report for more insights into ransom payments and many other areas.

About the survey

The report is based on the findings of an independent, vendor-agnostic survey commissioned by Sophos of 5,000 IT/cybersecurity leaders across 14 countries in the Americas, EMEA, and Asia Pacific, including 577 from the retail sector. All respondents represent organizations with between 100 and 5,000 employees. The survey was conducted by research specialist Vanson Bourne between January and February 2024, and participants were asked to respond based on their experiences over the previous year.

Source: Sophos