We’re pleased to announce the general availability of Sophos DNS Protection. This cloud-based service, managed via Sophos Central, provides an added layer of network protection and is available at no extra charge to all Xstream Protection licensed Sophos Firewall customers.

Great value for Sophos Firewall customers

Sophos DNS Protection adds tremendous new value for our Sophos Firewall customers, who can take advantage of this protection at no extra charge as it’s part of our Xstream Protection Bundle. It enables you to potentially consolidate and save from using another third-party DNS provider or start using a great DNS protection solution without having to pay extra.

What you get: enhanced internet and web security

Sophos DNS Protection adds another layer of security to every network. It works to instantly block access to unsafe and unwanted domains across all ports, protocols, and applications at the earliest opportunity – from both managed and unmanaged devices. DNS protection perfectly complements and augments your existing network security and policy enforcement tools. Sophos DNS Protection can be deployed in just a few minutes.

Sophos DNS Protection is a globally accessible domain name resolution service with integrated policy controls and reporting in Sophos Central. Sophos DNS Protection is backed by SophosLabs’ AI-powered threat intelligence, providing real-time world-wide protection from high-risk domains. As soon as a malicious domain is discovered, it is shared across customers instantly, providing immediate protection for all.  By using Sophos DNS Protection in place of your existing public DNS resolver, you can prevent any devices on your network from accessing domains associated with security threats and other unwanted websites controlled through policy.

Protection for networks

Access to the Sophos DNS Resolver is based on the originating public IPv4 address of the DNS queries. Hence, protecting individual devices for remote workers that move from network to network (or site to site) is not viable at this time.

Dynamic IP addresses are supported when used with a dynamic DNS provider.

Integrated dashboarding and reporting

Sophos DNS Protection also provides in-depth visibility into the domains visited from your network, with comprehensive dashboarding and reporting.

Full reporting with all the same options as Central Firewall Reporting Advanced is also included:

Cross-product integration

Sophos DNS Protection’s log data and intelligence are also shared with the Sophos data lake for Sophos XDR and MDR threat-hunting analysts to help detect active adversaries and threats operating on the network.

Getting started

Sophos DNS Protection is available at no additional charge to all licensed Sophos Firewall customers who have the Xstream Protection bundle. If you need to upgrade your license, speak to your Sophos partner or representative.

Getting started with Sophos DNS Protection is easy: simply add locations, set DNS settings, create a policy, and go! Watch this video to see the steps for yourself:

To ensure a great customer experience, DNS Protection will be made available in stages over the coming weeks. If you have a Sophos Firewall with Xstream protection and don’t yet see it in Sophos Central right away, please be patient while we ramp up availability. 

Consult the full documentation for additional information. And if you don’t yet have a Sophos Firewall, get started today with a free trial!

Source: Sophos

Businesses are increasingly turning to Managed Service Providers (MSPs) for the expert support needed to secure their organization in the face of inevitable cyberattacks. Illustrating the accelerating demand, Canalys predicts that managed services revenue will grow at least 14% in 2024*.

In this fast-growing market, the growth opportunities for MSPs are considerable. Our inaugural MSP Perspectives 2024 report identifies the biggest challenges facing MSPs together with openings to accelerate business and profitability.

From reducing day-to-day overheads through management platform consolidation, to optimizing engagement with MDR vendors, and leveraging the interplay between cyber defenses and cyber insurance, the report highlights opportunities for MSPs to advance their businesses while elevating their clients’ protection against ransomware and breaches.

Insights from 350 MSPs across four countries

MSP Perspectives 2024 shares the outcomes of an independent survey of 350 MSPs in the U.S., UK, Germany and Australia, conducted in March 2024.

The report provides fresh insights into the reality of MSP operations today, focusing on five key areas of MSP business: RMM and PSA tools; cybersecurity management; MDR services; challenges and perceived risks; and impact of cyber insurance.

Read the report to explore the full findings and check out some of the key learnings below.

Biggest MSP challenges and risks

The survey revealed that the biggest day-to-day challenge facing MSPs is keeping up with the latest cybersecurity solutions/technologies, cited by 39% of those surveyed. MSPs also indicated that hiring new cybersecurity analysts to keep up with customer growth and keeping pace with the latest cyberthreats are among their top challenges.

The data also shows that shortage of in-house cybersecurity skills is perceived by MSPs to be the single biggest cybersecurity risk to both their own business and their clients’ organizations. They also consider stolen access data and credentials and unpatched vulnerabilities to be top-three risks for their customers.

As Scott Barlow vice president of MSP at Sophos, comments

“The speed of innovation across the cybersecurity battleground means it’s harder than ever for MSPs to keep up with threats and the cyber controls designed to stop them. When you couple this with a global skills shortage, which has made it infinitely more difficult for many MSPs to attract and retain cybersecurity analyst resources, its unsurprising that MSPs feel unable to keep pace with the changing threat landscape.”

Streamlining partnerships

 MSPs are streamlining their cybersecurity partnerships, typically working with a small number of vendors to secure their clients. The study revealed that over half (53%) of MSPs work with just one or two cybersecurity vendors, rising to 83% that use between one and five.

Reflecting the effort and overhead of running multiple platforms, MSPs estimate that they could cut their day-to-day management time by 48% if they could manage all their cybersecurity tools from a single platform.

Delivery of MDR services

In response to today’s complex threat landscape, there is growing demand for managed detection and response (MDR) services to provide always-on coverage. Currently 81% of MSPs offer an MDR service, and almost all (97%) MSPs that do not currently offer MDR plan to add it to their portfolio in the coming years.

66% of MSPs use a third-party vendor to deliver the MDR service and a further 15% deliver jointly through their own SOC and a third-party vendor.  Topping the list of essential capabilities in a third-party MDR provider is the ability to provide a 24/7 incident response service.

Accelerating MSP growth with the Sophos MSP program

The data shows that MSPs are strengthening their proposition and reducing overheads by amalgamating the platforms they use and engaging with third-party MDR vendors to expand their service offerings.

Sophos gives MSPs a complete portfolio of industry-best, fully managed security services and solutions, all managed through the Sophos Central security platform. Innovative, adaptive defenses and a complete MSP cybersecurity system deliver cyber confidence that empowers success.

To learn more visit www.sophos.com/msp or request an MSP Experience demo.

Source: Sophos

Many organizations are planning to adopt passwordless authentication or are already in the process of doing so. Passwordless authentication has many benefits such as being more secure than traditional passwords, providing a better user experience, reducing helpdesk costs and enhancing productivity.

Continue reading to learn more about the benefits of implementing passwordless authentication in your organization and how Keeper® helps with its implementation.

What is passwordless authentication?

Passwordless authentication verifies your identity to gain access to an account or system without entering a password. Passwordless authentication allows users to securely log in by verifying that an account belongs to them through other means such as their biometrics (fingerprints and facial recognition), one-time codes sent to a trusted device or hardware tokens. Since passwordless authentication eliminates having to enter a password, it’s considered a better and more secure authentication method.

Top 4 benefits of passwordless authentication

These are the top four benefits of adopting passwordless authentication.

1. More secure than traditional passwords

Passwordless authentication is more secure than using traditional passwords because it removes the risks associated with passwords. When using passwords to log in to accounts and systems, people tend to use weak passwords and reuse passwords across multiple accounts. This places those accounts at a greater risk of becoming compromised, which can lead to account takeovers and data breaches. By removing passwords from the login process, accounts are no longer susceptible to being compromised through password-related attacks such as password cracking and phishing.

2. Better user experience

Passwordless authentication also provides a better user experience since it takes away the pain of people having to remember multiple passwords. Passwords often cause individuals to experience password fatigue, which is a term used to describe the overwhelming stress people feel due to having to remember passwords on their own. Since passwordless authentication doesn’t require people to create or remember passwords, it provides a better user experience.

3. Reduces helpdesk costs

A study by Yubico found that organizations spend an average of $5.2 million per year on password resets. However, this only considers the hard costs of password resets, not the soft costs, which take into account the wide-reaching effects of password resets like the loss in productivity. Since passwordless authentication removes passwords from the login process, password resets become non-existent, significantly reducing the helpdesk costs related to them.

4. Enhances productivity

As mentioned above, one of the soft costs associated with password resets is the loss in productivity for both users and IT administrators. Instead of helping users reset their passwords because they’ve forgotten them, IT teams can spend their time improving their organization’s infrastructure. Additionally, instead of users waiting for their password to be reset, they can continue performing their regular job duties. Adopting passwordless authentication in your organization can remove these roadblocks by eliminating the root of the problem – passwords. By doing this, every employee can focus their time and energy on profitable projects.

Go fully passwordless with the help of Keeper

It can be challenging for organizations to go passwordless because some websites and applications don’t support passwordless authentication methods. However, this doesn’t mean organizations shouldn’t go passwordless; instead, they should look into solutions like Keeper that make going passwordless seamless and secure.

With Keeper, organizations can achieve full coverage, security and access control across every application and website without end-users ever needing to enter a password. Keeper connects Single Sign-On (SSO), IdP and passwordless solutions with passkey management, providing users with a seamless and secure login experience. Even for websites that don’t support passwordless login, Keeper’s autofill feature will log users in automatically.

To learn more about how Keeper can enable your organization to go passwordless, schedule a demo today.

Source: Keeper

In the early years of ransomware, many (if not, most) victims were reluctant to admit publicly that they had been hit for fear of exacerbating the business impact of the attack. Concerns about negative press and customer attrition led many organizations to keep quiet.

More recently, the situation has changed, with ransomware victims increasingly willing to acknowledge an attack. This development is likely driven in part by the normalization of ransomware – our (wholly anonymous) State of Ransomware reports have revealed attack rates above 50% for the last three years and public acknowledgement of an attack by well-known brands is commonplace. In short, being hit by ransomware is no longer perceived to be an automatic badge of shame.

The increase in mandatory reporting of attacks in many jurisdictions is also likely driving greater disclosure, particularly in the public sector which is most impacted by these regulations and requirements.

Although there has been a general sense that reporting has increased, detailed insights and regional comparisons have been hard to come by – until now. This year’s Sophos State of Ransomware survey shines light into this area, revealing for the first time how reporting levels and official responses vary across the 14 countries studied.

Reporting a ransomware attack is a win-win

The nature and availability of official support when dealing with a ransomware attack vary on a country-by-country basis, as do the tools to report a cyberattack. U.S. victims can leverage the Cybersecurity and Infrastructure Security Agency (CISA); those in the UK can get advice from the National Cyber Security Centre (NCSC); and Australian organizations can call on the Australian Cyber Security Center (ACSC), to name but a few.

Reporting an attack has benefits for both the victim and the official bodies that look to support them:

• Immediate remediation support: Governments and other official bodies are often able to provide expertise and guidance to help victims remediate the attack and minimize its impact
• Policy guidance insights: Protecting businesses from cybercrime, including ransomware, is a major focus for many governments around the globe. The more insights officials have into attacks and their impact, the better they can guide policies and initiatives
• Attacker takedown enablement: Timely sharing of attack details assists national and pan-national efforts to takedown criminal gangs, such the Lockbit operation in February 2024

With these benefits in mind, the insights from the survey make encouraging reading.

Insight 1: Most ransomware attacks are reported

Globally, 97% of ransomware victims in the last year reported the attack to law enforcement and/or official bodies. Reporting rates are high across all countries surveyed with just ten percentage points between the lowest rate (90% – Australia) and the highest (100% – Switzerland).

The findings reveal that, while annual revenue and employee count have minimal impact on propensity to report an attack, there are some variations by industry. In sectors with high percentages of public sector organizations, almost all attacks are reported:

• 100% state and local government (n=93)
• 6% healthcare (n=271)
• 5% education (n=387)
• 4% central/federal government (n=175)

Distribution and transport has the lowest reporting rate (85%, n=149), followed by IT, technology and telecoms (92%, n=143).

Insight 2: Law enforcement almost always assists in some way

For the organizations that do report the attack, the good news is that law enforcement and/or official bodies almost always get involved. Overall, just 1% of the 2,974 victims surveyed said that they did not receive support despite reporting the attack.

Insight 3: Support for ransomware victims varies by country

Respondents that reported the attack received support in three main ways:

• Advice on dealing with the attack (61%)
• Help investigating the attack (60%)
• Help recovering data encrypted in the attack (40% of all victims and 58% of those that had data encrypted)

Diving deeper, we see that the exact nature of law enforcement and/or official body involvement varies according to where the organization is based. While more than half of victims received advice on dealing with the attack across all countries surveyed, organizations in India (71%) and Singapore (69%) reported the highest level of support in this area.

Indian respondents also reported the highest level of support in investigating the attack (70%) followed by those in South Africa (68%), while the lowest rate was reported in Germany (51%).

Among those that had data encrypted, more than half globally (58%) received support in recovering their encrypted data. India continues to top the chart, with 71% of those that had data encrypted receiving assistance in recovering it. Notably the countries with the lowest propensity for victims to receive help recovering encrypted data are all in Europe: Switzerland (45%), France (49%),  Italy (53%) and Germany (55%).

Insight 4: Engaging with law enforcement is generally easy

Encouragingly, more than half (59%) of those that engaged with law enforcement and/or official bodies in relation to the attack said the process was easy (23% very easy, 36% somewhat easy). Only 10% said the process was very difficult, while 31% described it as somewhat difficult.

Ease of engagement also varies by country. Those in Japan were most likely to find reporting difficult (60%), followed by those in Austria (52%). Japanese respondents also had the highest propensity to find it “very difficult” to report the attack (23%). Conversely, respondents in Brazil (75%) and Singapore (74%) were most likely to find it easy to engage, while Italian organizations had the highest percentage that found it “very easy” (32%).

Insight 5: There are myriad reasons attacks are not reported

There were a range of reasons why 3% (86 respondents) did not report the attack, with the two most common being concern that it would have a negative impact on their organization, such as fines, charges, or extra work (27%), and because they did not think there would be any benefit to them (also 27%). Several respondents provided verbatim feedback that they did not engage official bodies as they were able to resolve the issue in-house.

Conclusion

The survey findings have revealed that reporting of ransomware attacks is very common, and victims almost always receive support as a result. Hopefully, these findings will encourage any organization that does fall victim in the future to notify their relevant body/ies. While it is generally easy for organizations to report an attack, there are also opportunities to facilitate the process at what is, inevitably, a very stressful time. As Chester Wisniewski, director, Global Field CTO, Sophos, comments, “Criminals are successful in part due to the scale and efficiency with which they operate. To beat them back, we need to match them in both these areas. That means that, going forward, we need even greater collaboration, both within the private and public sector—and we need it at a global level.”

Source: Sophos

The ISO accommodates up to 40Gbps and 120K connections/second.

We’re thrilled to share a major update for our NDR (Network Detection and Response) product: customers can now deploy NDR on certified hardware to support high traffic volume environments.

Key benefits

When deployed on supported virtual appliances (VMWare ESXi, MS HyperV, and AWS AMI), Sophos NDR is currently limited to 1GBS of network traffic. This limitation poses a challenge for customers with higher traffic and/or distributed branch offices.

This new ISO image deployment for certified hardware will support small, medium, and large network environments, accommodating up to 40Gbps and 120K connections/second.

License information

There is no change to licensing: Sophos NDR product licenses are determined by the number of users and servers in the environment and customers can deploy as many Sophos NDR sensors as needed.

How to get it

Customers and partners can select the new certified hardware ISO during the appliance setup in Sophos Central and follow the provided instructions for deployment on certified hardware.

Certified hardware requirements

• To utilize the ISO image, customers must acquire certified hardware from vendors such as Dell.
• Deploy the ISO only on certified hardware. While the image may work on other hardware, it cannot be supported, and functionality issues may arise.
• The hardware purchase and any associated warranties are the customer’s responsibility. Sophos does not have a reseller agreement with the certified hardware providers, and the hardware cannot be purchased through Sophos.
• Consult the Detailed Certified Hardware Specifications for more information

Source: Sophos

When we think about storing sensitive information, two types of information come to mind: digital data and physical data. While physical data can be securely stored in a physical vault, digital data should be stored in an encrypted cloud storage solution to protect it from common cyber threats.

Continue reading to learn the best ways to store your sensitive physical and digital information, plus the storage methods to avoid.

The risks of insecurely storing sensitive information

Insecurely storing sensitive information such as your login credentials, credit card details, Social Security card and passport can place you at a greater risk of having your online accounts compromised and your identity stolen. This is why it’s important to securely store your information both physically and digitally so unauthorized individuals aren’t able to access it.

The storage methods you should avoid for your sensitive information include the following.

• Storing physical documents in places where anyone can access them (e.g. under your mattress or in an unlocked drawer at home)
• Storing digital sensitive information in unencrypted cloud storage (e.g. on your device’s notes app or spreadsheets)

The best way to store your digital sensitive information

The best way to store your digital sensitive information is in an encrypted cloud storage solution like a password manager. A password manager is essential for cybersecurity because it aids in generating, storing, managing and sharing passwords. Some password managers can also store passkeys, files, documents and images. Password managers were designed to keep your digital data protected from unauthorized access so cybercriminals aren’t able to use your data maliciously to hack your accounts or steal your identity.

When choosing a password management solution, it’s important to take into account the solution’s security architecture. The password manager you choose should provide you with the highest level of encryption and have a history of being secure and reliable. Some features to look for in a password manager include the following.

• Zero-trust, zero-knowledge security
• 256-bit AES encryption
• Secure password and file sharing
• Passkey and 2FA code storage
• Multi-device compatibility
• Multi-Factor Authentication (MFA) support

The best way to store your physical sensitive information

The best way to store your physical sensitive information is in a safety box. This ensures that no one but you will be able to access it without providing a code, biometric authentication or key. There are many safety boxes to choose from, but we recommend looking at reviews and doing research before investing in one so you choose the best and most secure option.

Here are some best practices to keep in mind when using a safety box.

• If your safety box has a key, make sure no one can easily gain access to it
• If your safety box requires a code, don’t use numbers that are significant to you such as your birthdate or the birthdate of loved ones

How Keeper® helps you securely store your sensitive information

Keeper is a zero-trust and zero-knowledge password manager. Keeper uses 256-bit AES record-level keys and folder-level keys which are generated on your device to encrypt each stored record in your password vault. All contents of your vault are encrypted, including logins, file attachments, 2FA codes, payment information, URLs and custom fields.

Additionally, Keeper’s advanced cloud authentication and network communications model is built for the highest levels of privacy, security and trust, so there’s no need to worry about your stored data falling into the hands of cybercriminals.

Ready to start securely storing your digital data? Start a free 30-day trial of Keeper Password Manager today.

Source: Keeper

We are delighted to announce that Sophos has been named a Leader in the IDC MarketScape: Worldwide Managed Detection and Response (MDR) 2024 Vendor Assessment (doc #US49006922, April 2024).

The IDC MarketScape study evaluates the capabilities and business strategies of 19 managed detection and response service vendors, and positions Sophos in the Leaders Category. We believe this recognition demonstrates that Sophos is an ideal choice for organizations looking to elevate their defenses with a tried-and-true 24/7 expert-led managed detection and response.

Sophos was also recently named a Leader in the IDC MarketScape: Worldwide Modern Endpoint Security for Midsize Businesses 2024 Vendor Assessment (doc #US50521323, February 2024) and in the IDC MarketScape: Worldwide Modern Endpoint Security for Small Businesses 2024 Vendor Assessment (doc #US50521424, March 2024).

Following the assessment, Craig Robinson, Research Vice President of Security Services, IDC, said: “Organizations looking for cost certainty, whether that is through their simplified predictable pricing method, or looking for unlimited incident response services paired with a $1M warranty, should consider utilizing Sophos for their MDR needs.”

Read the excerpt

Simplicity and flexibility

“With simple pricing and flexible service models, Sophos is named a Leader in the IDC MarketScape: Worldwide Managed Detection and Response (MDR) 2024 Vendor Assessment for providing an easy-to-understand option for companies looking to strengthen their cybersecurity defenses and address complex security needs,” said Craig Robinson, Research Vice President of Security Services, IDC. “The recent introduction of Sophos Managed Risk also demonstrates their commitment to addressing the evolving challenges of their customers in an ever-changing cybersecurity landscape.”

The IDC MarketScape evaluation refers to the flexibility and compatibility offered by Sophos Managed Detection and Response, noting that:

“Sophos MDR has expanded its detection capabilities beyond its Sophos products. Data is collected from third-party alert sources across multiple domains, which include but are not limited to endpoint, firewall, cloud, and identity. IDC recognizes that getting a complete view of attacks often requires the collection, analysis, and correlation of relevant network data along with other telemetry.”

Unlimited full-scale incident response

Sophos MDR Complete and Sophos MDR Essentials service tiers are designed to align to the customer maturity journey. With both service tiers including 24/7 expert-led investigation and response and threat hunting, the IDC MarketScape notes:

“The core differentiator of MDR Complete is that it includes a unique unmetered, full-scale incident response offering at no additional charge. The Sophos Breach Protection Warranty covers up to $1 million in response expenses for qualifying customers.”

Get the excerpt

To learn more about why Sophos was named a Leader in the 2024 IDC MarketScape for Worldwide Managed Detection and Response, read the excerpt here.

Source: Sophos

Virtual Private Networks (VPNs) are used by businesses to secure remote access to systems and encrypt employees’ internet traffic. However, while VPNs add some level of protection for distributed workforces, they aren’t enough to keep your business and employees safe from common cyber threats since they make internal tracking of users complex, lack adequate protection and don’t scale in a remote work environment.

Rather than relying on VPNs, businesses should switch to a secure VPN alternative like Keeper Connection Manager® (KCM) – a zero-trust, agentless remote desktop gateway. Continue reading to learn more about what makes Keeper Connection Manager the best VPN alternative for businesses.

Why businesses need a VPN alternative

Here are some reasons your business should consider a secure VPN alternative.

VPNs make tracking users complex

One of the biggest challenges when using VPNs for remote access is they make tracking users complex. With VPNs, IT teams have to rely on confusing dashboards to attempt to understand what employees are accessing, when and why. This can cause IT admins to overlook tasks and make mistakes that open security gaps.

VPNs lack adequate protection

Some VPNs use less secure protocol standards or low-level encryption, making it easier for threat actors to steal business data even when employees are connected. Additionally, even some of the best VPNs regularly discover new vulnerabilities that cybercriminals can easily exploit. While VPN providers issue software patches for these vulnerabilities, it still leaves your business open to some risk.

VPNs don’t scale in a remote work environment

While VPNs can be effective for infrequent remote access for a limited number of employees, they don’t work well when scaled up. VPNs were not designed to accommodate multiple people to connect to them all day long, which can lead to poor reliability. This can cause many employees to not connect to VPNs, even when they’re supposed to, placing your business at risk of suffering a cyber attack.

Why Keeper Connection Manager is the best VPN alternative

Keeper Connection Manager is the best VPN alternative because it provides users with a zero-trust remote desktop solution that reduces administrative overhead and improves performance, reliability and employee productivity.

With KCM, administrators can provide access to an entire system or just one machine through RDP, SSH, VNC, MySQL and other common protocols without having to share credentials with end users. Access can be revoked at any time and an audit trail helps IT admins understand when and how the system is being used, making it easy to keep track of users so they can better protect their organization.

To access internal resources using KCM, remote teams log in through a web browser – no endpoint clients need to be installed, configured or maintained.

Secure your infrastructure with Keeper Connection Manager

Simply relying on a VPN to secure remote access could do more harm than good for organizations, making it important to consider other more secure solutions. Luckily, Keeper Connection Manager is the perfect solution for organizations that want to provide their IT and DevOps teams with secure and easy access to RDP, SSH, database and K8s endpoints.

Curious to learn more about how Keeper Connection Manager can help you secure your organization’s infrastructure? Start a free 14-day trial today.

Source: Keeper

Our fifth annual report reveals how ransomware experiences have changed over the last year, plus brand-new insights into the business impact of an attack.

The fifth Sophos State of Ransomware Report reveals the real-world ransomware experiences of 5,000 organizations around the globe, from root cause through to severity of attack, financial impact, and recovery time.

Based on the findings of a survey of IT/cybersecurity leaders across 14 countries, this year’s report combines year-on-year insights with brand new areas of study. It includes a deep dive into ransom demands and ransom payments, and shines new light on the role of law enforcement in ransomware remediation.

Download the report to get the full findings and read on for a taster of some of the topics covered.

Attack rates have dropped, but recovery costs have increased

59% of organizations were hit by ransomware last year, a small but welcome drop from the 66% reported in both the previous two years. While any reduction is encouraging, with more than half of organizations experiencing an attack, this is no time to lower your guard.

While the attack rate has dropped over the last year, overall recovery costs (excluding any ransom payment) have soared to $2.73M, a 50% from the $1.82M reported in 2023.

Having your full estate encrypted is rare

On average, just under half (49%) of an organization’s computers are impacted by a ransomware attack. Having your full environment encrypted is extremely rare, with only 4% of organizations reporting that 91% or more of their devices were impacted.

More than half of victims now pay the ransom

For the first time, more than half (56%) of the organizations that had data encrypted admit to paying the ransom to recover data. The use of backups has dropped slightly from last year (68% vs. 70%) while 26% used “other means” to get data back which include working with law enforcement or using decryption keys that had already been made public.

A notable change over the last year is the increase in propensity for victims to use multiple approaches to recover encrypted data (e.g., paying the ransom and using backups). Almost half of organizations that had data encrypted reported using more than one method (47%) this time around, more than double the rate reported in 2023 (21%).

Ransom payments have soared – but victims rarely pay the initial sum demanded

1,097 respondents whose organization paid the ransom shared the actual sum paid, revealing that the average (median) payment has increased 5-fold over the last year, from $400,000 to $2 million.

While the ransom payment rate has increased, only 24% of respondents saying that their payment matched the original request. 44% paid less than the original demand, while 31% paid more.

For more insights into ransom payments, and many other areas, download the full report.

About the survey

The report is based on the findings of an independent, vendor-agnostic survey commissioned by Sophos of 5,000 IT/cybersecurity leaders across 14 countries in the Americas, EMEA, and Asia Pacific. All respondents represent organizations with between 100 and 5,000 employees. The survey was conducted by research specialist Vanson Bourne between January and February 2024, and participants were asked to respond based on their experiences over the previous year. Within the education sector, respondents were split into lower education (catering to students up to 18 years) and higher education (for students over 18 years).

Source: Sophos

Sophos continues to deliver the strongest endpoint protection in the industry.

Adaptive Attack Protection is a powerful and unique differentiator in Sophos Endpoint. It dynamically enables heightened defenses when a “hands-on-keyboard” attack is detected. In this elevated mode of protection, actions that are usually benign but commonly abused by attackers are blocked outright by Sophos Endpoint – dramatically reducing the likelihood of the attack’s success and giving you more time to neutralize the threat.

As attackers continue to innovate in their approaches, we have extended this unique protection with additional capabilities that further protect Sophos Endpoint customers against active adversaries.

Greater Protection, More Control, Increased Visibility

This Sophos-exclusive protection capability is now even stronger. All Sophos Endpoint customers now benefit from a number of significant enhancements:

• Greater protection. Customers now have the option to apply specific Adaptive Attack Protection blocking rules persistently via new policy settings in their Sophos Central cloud-based management console.
• More control. Customers can now manually activate (and deactivate) Adaptive Attack Protection on a device to apply more aggressive protection while investigating suspicious activity – ideal for scenarios where fully isolating the device from the network may cause significant operational disruption to the organization. You can also extend the time that Adaptive Attack Protection is activated on a device to give more time to complete an investigation.
• Increased visibility. New Adaptive Attack Protection events and alerts notify you when a device is under attack and urge responders to take action to neutralize the threat.

New manual controls for Adaptive Attack Protection.

New alerts notify customers when Adaptive Attack Protection is activated on a device.

New Safe Mode Protection

When adversaries fail to break through runtime protection layers on an endpoint, they often attempt to restart the device into Safe Mode, where security software is not present or minimal. Sophos Endpoint now protects against adversary abuse of Safe Mode with two new capabilities:

• Block safe mode abuse: A new Adaptive Attack Protection persistent policy rule is now available that prevents adversaries from programmatically restarting devices into Safe Mode.
• Enable protection in safe mode: Sophos Endpoint protection capabilities, including our unrivaled CryptoGuard anti-ransomware technology and AI-powered malware protection, can now be enabled on devices running in Safe Mode.

New safe mode protection policy settings.

Adaptive Attack Protection is available to all Sophos Endpoint customers today.

To learn more about Sophos Endpoint and how it can help your organization better defend against today’s advanced attacks, speak with a Sophos adviser or your Sophos partner today.

Source: Sophos

The Digital Operational Resilience Act (Regulation (EU) 2022/2554) (“DORA” or the “Act”) is a European Union regulation intended to ensure the digital resilience of financial entities¹ in the EU against Information Communication Technologies (ICT) – related incidents and operational disruptions. The European Commission completed DORA on January 16, 2023. Its requirements become effective and apply on January 17, 2025.

Scope of DORA

DORA applies to all EU “financial entities,” including banks, investment firms, credit institutions, insurance companies, crowdfunding platforms, as well as critical third parties offering ICT-related services to financial institutions such as software vendors, cloud service providers and data centers, data analytics providers, and more. Article 2 of (EU) 2022/2554 identifies the following financial entities covered by the Act.

List of financial entities covered by the regulation:

• Credit institutions
• Payment institutions
• Account information service providers
• Electronic money institutions
• Investment firms
• Crypto-asset service providers and issuers of asset-referenced tokens
• Central securities depositories
• Central counterparties
• Trading venues
• Trade repositories
• Management companies
• Managers of alternative investment funds
• Data reporting service providers
• Insurance and reinsurance undertakings
• Insurance intermediaries, reinsurance intermediaries and ancillary insurance intermediaries
• Institutions for occupational retirement provision
• Credit rating agencies
• Administrators of critical benchmarks
• Crowdfunding service providers

Why DORA?

DORA “acknowledges that ICT incidents and a lack of operational resilience have the possibility to jeopardise the soundness of the entire financial system, even if there is “adequate” capital for the traditional risk categories.” The DORA regulatory framework lays out requirements that address the security of financial entities’ networks and information systems to enhance cybersecurity across the EU’s financial sector. This helps financial entities reduce the potential impact of digital threats on their business continuity, legal liability, and financial and reputational loss.

Requirements of DORA

In order to achieve a high common level of digital operational resilience, this Regulation lays down uniform requirements concerning the security of network and information systems supporting the business processes of financial entities as follows:

1. ICT Risk Management: Financial entities shall have a sound, comprehensive and well-documented ICT risk management framework as part of their overall risk management system, which enables them to address ICT risk quickly, efficiently and comprehensively and to ensure a high level of digital operational resilience.
2. ICT-Related Incident Management Process: Financial entities shall record all ICT-related incidents and significant cyber threats. Financial entities shall establish appropriate procedures and processes to ensure a consistent and integrated monitoring, handling and follow-up of ICT-related incidents, to ensure that root causes are identified, documented and addressed in order to prevent the occurrence of such incidents.
3. Digital Operational Resilience Testing: To ensure that financial entities are prepared to tackle ICT-related incidents, DORA defines common standards with a focus on resilience testing by these entities, “such as vulnerability assessments and scans, open source analyses, network security assessments, gap analyses, physical security reviews, questionnaires and scanning software solutions, source code reviews where feasible, scenario-based tests, compatibility testing, performance testing, end-to-end testing and penetration testing.”
4. ICT Third-Party Risk Management (TPRM): Recognizing the increasing importance of third-party ICT service providers, DORA requires financial entities to “manage ICT third-party risk as an integral component of ICT risk within their ICT risk management framework” through contractual agreements like accessibility, availability, integrity, security, and protection of personal data; clear termination rights; and more.
5. Information and Intelligence Sharing: With the aim of boosting the collective ability of financial institutions to identify and combat ICT risks, DORA encourages them to “exchange amongst themselves cyber threat information and intelligence, including indicators of compromise, tactics, techniques, and procedures, cyber security alerts and configuration tools, to the extent that such information and intelligence sharing:
   • aims to enhance the digital operational resilience of financial entities, in particular through raising awareness in relation to cyber threats, limiting or impeding the cyber threats’ ability to spread, supporting defence capabilities, threat detection techniques, mitigation strategies or response and recovery stages;
   • takes place within trusted communities of financial entities;
   • is implemented through information-sharing arrangements that protect the potentially sensitive nature of the information shared, and that are governed by rules of conduct in full respect of business confidentiality, protection of personal data in accordance with Regulation (EU) 2016/679 and guidelines on competition policy.”
6. Oversight Framework of Critical ICT Third-Party Providers: The Joint Committee, in accordance with Article 57(1) of Regulations (EU) No 1093/2010, (EU) No 1094/2010 and (EU) No 1095/2010, shall establish the Oversight Forum as a sub-committee for the purposes of supporting the work of the Joint Committee and of the Lead Overseer referred to in Article 31(1), point (b), in the area of ICT third-party risk across financial sectors. The Oversight Forum shall prepare the draft joint positions and the draft common acts of the Joint Committee in that area.

The Oversight Forum shall regularly discuss relevant developments on ICT risk and vulnerabilities and promote a consistent approach in the monitoring of ICT third-party risk at Union level.

DORA and NIS 2

DORA and NIS 2 are two critical pieces of EU cybersecurity legislation. The NIS 2 Directive (Directive (EU) 2022/2555) is a legislative act that aims to achieve a high common level of cybersecurity across the European Union.

The relationship between DORA and NIS 2 is that NIS 2 aims to improve cybersecurity and protect critical infrastructure in the EU, whereas DORA addresses the EU financial sector’s increasing reliance on digital technologies and aims to ensure that the financial system remains functional even in the event of a cyberattack.

What is significant to note is that NIS 2 is a European directive. By October 17, 2024, Member States must adopt and publish the measures necessary to comply with the NIS 2 Directive. DORA is a European regulation that will be applicable as it stands in all EU countries from January 17, 2025.

Article 1(2) of DORA provides that, in relation to financial entities covered by the NIS 2 Directive and its corresponding national transposition rules, DORA shall be considered a sector-specific Union legal act for the purposes of Article 4 of the NIS 2 Directive.¹²  DORA is “lex specialis” to NIS 2^13,14 for the financial sector, a principle that states that a specific law takes precedence over a general one. So, for financial entities covered under DORA, this text prevails over NIS 2. However, this does not mean that NIS 2 obligations are no longer applicable to entities affected by both texts.

Penalties for DORA non-compliance

The potential penalties associated with DORA can be significant and, differently to GDPR and/or NIS 2, encourage the firm to comply by imposing fines on a daily basis. Those organizations deemed noncompliant by the relevant supervisory body may find themselves subject to a periodic penalty payment of 1% of the average daily global turnover in the preceding year, for up to six months, until compliance is achieved. The supervisory body may also issue cease-and-desist orders, termination notices, additional pecuniary measures, and public notices.

DORA timelines

DORA was first proposed by the European Commission in September 2020. It came into force on January 16, 2023. Financial entities and third-party ICT service providers have until January 17, 2025 to prepare for DORA and implement it. Batch 1 of the Regulatory Technical Standards, or RTS, and the Implementing Technical Standards (ITS) were published on January 17, 2024. Batch 2 of these standards is under consultation.

Source: Sophos

The security concept known as “Privilege Creep” occurs when an individual accumulates access rights over time, retaining entry to systems and data beyond the completion of a specific task or the need for such access. This gradual accumulation of unnecessary privileges within an organization not only complicates the management of access rights but also magnifies the potential for security breaches, data theft and misuse of information. As privileges amass unchecked, the attack surface widens, offering malicious actors more opportunities to exploit vulnerabilities that could lead to a breach. Addressing this issue requires diligent access management and adherence to the principle of least privilege, ensuring individuals have access only to the resources necessary for their current roles and responsibilities.

Mitigating Privilege Creep is critical to enhancing an organization’s cyber security posture, but it’s historically been difficult to quickly and securely revoke access rights once they have been granted… until now.

Keeper is excited to announce Time-Limited Access and Self-Destructing Records for encrypted, time-bound access and credential sharing in the Keeper platform.

Time-Limited Access

Time-Limited Access enables users to share a record or folder with another Keeper user for a designated period of time. Upon expiration, the recipient will have their access automatically revoked without requiring the sending party to take any action. Time-Limited Access can be applied to thousands of common scenarios from sharing the WiFi password with a visiting guest to admins sharing the login details for a database.

Time-Limited Access solves the long-term struggle many organizations have around elevated access. Users often need to be granted temporary or short-term privileges that go beyond their standard access levels. Organizations can maintain least privilege by only allowing elevated access for the set duration of time and only to perform the tasks required, eliminating the need to create power users with access outside of the scope of their projects.

Combining Time-Limited Access with Keeper Secrets Manager (KSM) provides privileged users with powerful sharing functionality. When paired with KSM’s automatic service account rotation capabilities, users can schedule rotation of the shared credential upon the expiration of access, ensuring the recipient never has standing privilege.

Self-Destructing Records

Self-Destructing Records take this concept one step further by allowing users to create a record and send a one-time share that will delete itself from the sender’s vault after the recipient opens the shared record.

This happens after a designated period of time or once the recipient has viewed the record for five minutes, whichever comes first.

A typical scenario is employee onboarding, when IT needs to share login credentials with a new staff member. IT can share the record containing those credentials and upon receipt, the original record will self-destruct, eliminating the risk associated with long standing access to the employee’s login information.

With Self-Destructing Records, the information can be accessed securely and is automatically deleted, ensuring it doesn’t linger or become accessible beyond its intended purpose. This record’s unique trait of being viewable on only one device further tightens security, preventing unauthorized distribution or viewing on multiple devices.

These access and sharing updates are available for both consumer and business users. Administrators can enable or disable these features in the ‘Creating and Sharing’ section of role settings in the Admin Console for business and enterprise organizations. Administrators with Keeper Advanced Reporting and Alerts Module (ARAM) are also able to receive ARAM events for when a timer is added to a record, and when the timer and share expire.

Easy-to-Use, Encrypted Access for All

Time-Limited Access brings several key benefits to users and administrators:

Self-Destructing Records enables its own set of benefits including:

Secure and Streamline Credential Sharing with Keeper

Time-Limited Access and Self-Destructing Records are just the latest in Keeper’s ongoing efforts to enhance Privileged Access Management (PAM) capabilities for all users. By limiting the amount of time users have access to records, organizations simplify compliance and end-users can rest easy knowing their records are shared securely.

Using Time-Limited Access and Self-Destructing Records is very simple. To learn how, please refer to the product release notes.

To see Time-Limited Access and Self-Destructing Records in action, schedule a demo today.

Source: Keeper

Keeper Security is pleased to announce that passphrases are now supported in the Keeper Vault. Passphrases provide a highly secure yet easy-to-remember approach to logins for all users, and can be both generated and stored with Keeper.

Keeper’s passphrase generator is a new option within its existing password generator. Users and admins will have the choice of which generator they would like to use or enforce for their organization. Keeper’s passphrase generator leverages Electronic Frontier Foundation’s recommended wordlist but has been sanitized to remove any offensive words. Currently, only English words are used by the passphrase generator.

In addition to passphrases, character-specific policies for symbols are now included with Keeper’s existing password generator. For example, users generating a password for a site that doesn’t include certain characters such as ^, ? or + can choose to remove those symbols from their passwords.

How to Use Passphrases in Keeper

The experience of generating and saving a passphrase is nearly identical to the current way to generate and save a password in Keeper, ensuring the same ease of use.

From the Keeper Vault, select Create New and select Record.

Users are prompted to choose their record type and title the record, then select Next. This brings up the record detail menu. To generate a passphrase, click on the dice icon.

This opens the Password Generator where users will see a new drop-down menu option. Click on the drop-down menu and select Passphrase.

Once opened, users can customize their passphrase complexity. Just like passwords, the more complex a passphrase is, the more secure it is. Passphrases in Keeper support up to 20 words.

Selecting Capitals, will capitalize the first letter of each word, while choosing Numbers adds a single digit (0-9) to the beginning or the end of some of the words.

Each word requires a separator. By default, Keeper uses “–” but users can change their default to any of the other options that include “.”, “_”, “!”, “?” or a space by toggling the “Use as default settings” box. Users have the option to include multiple different separators.

After generating a passphrase, the user will select Use Passphrase and be returned to the record detail menu to save the record.

Click Save and the record with the randomized passphrase will be added to your Keeper Vault.

How to Enable the Passphrase Generator for Administrators

Keeper Administrators looking to enable passphrases for their organization can toggle the ability to leverage passphrases on or off.

Administrators will need to navigate to Record Passwords in the Roles section of the Admin Console and select Passphrase Generator. From this screen, simply toggle Allow Passphrase Generator on or off to select your preferred role policy. Administrators looking to enable passphrases must select at least one of the available separators.

If the Passphrase Generator is disabled, the section will not be interactive in the Admin Console and end users will not have the Passphrase Generator option in their Keeper Vault.

If Keeper Administrators want to only allow passphrases on specific domains, select Domain-Specific Generator. From this tab, click on Add Domain and add the URL of the preferred domains where passphrases will be available for use. After selecting the security rules desired, click Add.

The list of allowed domains will be displayed and administrators can edit them at any point.

Simplify Logins with Keeper

Keeper is driven to continue making its platform easier to use than ever before. Enhancing login types and streamlining the generation of those is key to that approach for both consumers and organizations alike.

To learn more about passphrases and how Keeper is the most secure and easy-to-use password management platform, schedule a demo today.

Source: Keeper

IT asset discovery is a process to find and document assets that are connected to the network. Asset discovery tools provide an automated solution for an accurate inventory of all the hardware and software on the network or environment.

Automate and Manage Your Network Assets with Datto RMM Asset Discovery Tools

As a managed service provider (MSP) you know that managing a client’s networks can be a complicated process. It’s essential to be able to monitor, support, and secure anything that is connected to a network to minimize any security risks.

However, it’s no longer enough just to know what’s on the network. As an MSP, you need to understand the relationships between the devices and services that keep your customers up and running.

Datto RMM’s built-in asset discovery and management tool offers real-time visibility of every asset connected to a network. The tool is able to locate every asset including those not already under your management in Datto RMM.

Datto RMM provides:

• Insightful discovery.
  Instantly view all discovered devices on the network, where they are located, and their current status.

• Faster troubleshooting.
  View essential network information at a glance, with open alerts represented on devices and the impact they have on each other. Technicians can quickly navigate to any device, gather critical information, and set up a remote connection with a single click.

• Mitigation of potential issues.
  Technicians don’t just see the endpoints in isolation. Datto RMM’s Network Topology maps illustrate the relationships between all devices on the network, allowing you to gauge the impact of a change before it’s made.

Datto RMM helps MSPs manage the complexity, costs, and risks associated with supporting your client endpoints. Whether managing a single endpoint or hundreds of thousands of endpoints, Datto RMM helps MSPs keep their supported estate secured, patched, stable, and functioning.

Request a Demo of Datto RMM Today.

Benefits of using asset discovery tools?

The use of spreadsheets to track devices and software in a complex network is no longer an option. The use of automated IT Asset management provides the MSP with a solution to:

• Reduce costs: Prepare information remotely, automate and identify what is not being managed, simplify monitoring and managing for recurring processes, and assess future requirements.
• Mitigate risk: Quickly identify what’s not being managed and where potential risks lie
• Manage devices: Understand compliance status of managed devices, and uncover previously missed opportunities to manage new devices

How to get started with RMM Asset Discovery

Datto RMM will obtain the following information from devices on the network including routers, switches, and IoT devices:

• Operating system
• Manufacturer
• Hostname
• Device type
• IP addresses
• MAC addresses
• Used uplink port
• Relationships between the device and the networking infrastructure
• Whether the device is being managed by Datto RMM and open alerts

Datto RMM’s IT asset discovery tool empowers managed service providers’ ability to continuously discover and identify every device on the network – not just those managed with Datto RMM – generating a visual layout of the network to show how devices are connected to each other, and quickly identifying where issues are on the network.

Which systems does the Datto RMM Support?

Datto RMM supports systems running on:

• Windows:
  • Windows 7 SP1 with Windows Updates KB2999226 and KB2533623 installed
  • Windows Server 2008 R2 SP1 with Windows Updates KB2999226 and KB2533623 installed
  • Windows 8.1 with Windows Update KB2999226 installed
  • Windows Server 2012 R2 with Windows Update KB2999226 installed
  • Windows 10 with .NET Core 3.1
  • Windows Server 2016 with .NET Core 3.1
  • Windows Server 2019 with .NET Core 3.1
• Linux with .NET Core 3.1
• macOS with .NET Core 3.1

To learn more about Datto RMM, please visit www.datto.com/products/rmm.

Source: Datto

As a channel-first, channel-best company, the award validates our commitment to helping MSPs deliver superior cybersecurity outcomes for our customers amid constantly evolving threats.

SE Labs assesses security vendors based on a combination of continual public testing, private assessments, and feedback from corporate clients. The first-of-its-kind Best MSP Solution award recognizes the critical role MSPs play as the first line of defense for small- and medium-sized businesses (SMBs) against data breaches, ransomware and other debilitating cyberattacks.

“SE Labs Annual Security Awards 2024 acknowledge industry leaders for their best-in-class products and services. Following our conversations within the community and rigorous testing, we created shortlist of exceptional companies that support their partners. We are thrilled to award Sophos Best MSP Solution, for keeping their MSP and partner community armed with innovative security solutions and intelligence that protect their customers in the ever-evolving threat landscape,” said Simon Edwards, CEO at SE Labs. 

To better protect their businesses and customers, MSPs are prioritizing vendors that can help them understand how attackers operate while providing advanced security solutions that adapt as adversaries change their tactics, techniques, and procedures.

“MSPs need a vendor that understands their business model and practices. Since Sophos works exclusively with the channel, we know how to best partner with MSPs, from an operational standpoint to providing scalable, innovative security products and services that can defend their customers from inevitable cyberattacks,” said Simon Reed, chief research and scientific officer at Sophos.

Sophos defends more than 300,000 organizations worldwide against advanced attacks, with anti-ransomware, anti-exploitation, behavioral analysis, and other innovative technologies.

Sophos products are managed in the cloud-native Sophos Central platform, which is part of the Sophos Adaptive Cybersecurity Ecosystem that collects, correlates, and enriches security data with additional context to enable automatic and synchronized responses to active threats.

Intercept X endpoint technology includes industry-first Adaptive Attack Protection, which automatically disrupts in-progress attacks and dynamically puts “shields up” to give defenders valuable additional time to respond to an intrusion. The Account Health Check capability also identifies security posture drift, misconfigurations, and provides the ability to remediate such issues with one click.

To help further partners’ and MSPs’ awareness of critical industry issues, Sophos provides real-time and historical threat intelligence from the Sophos X-Ops unit, a cross-functional team of more than 500 Sophos cybersecurity experts worldwide. Sophos X-Ops’ intelligence helps partners and MSPs confidently address customers’ questions and concerns about the latest ransomware, vulnerabilities, and attacks circulating in the news.

Source: Sophos

You should use a password manager in 2024 because a password manager protects your login credentials and keeps your online data safe. Password managers do more than just protect and store passwords; they also store your passkeys, generate new, strong passwords, and let you store and securely share important documents such as medical records, identification cards, credit cards and more.

Continue reading to learn why using a password manager is important in 2024 and the risks associated with not using one.

What is a password manager?

Password managers create, store and manage passwords, passkeys and other data. People who use password managers only need to remember a single password known as their master password to securely access the rest of their passwords. They can also opt to use their biometrics, like FaceID, to sign into their password manager vault seamlessly.

6 reasons why you should use a password manager

There are many reasons to use a password manager in 2024. Here are six of the top reasons.

1. Password-based attacks are the top attack vector in 2024

Last year, cybercriminals made over $1 billion in ransom payments.  Ransomware, malware and password-based attacks are on the rise in 2024. Stolen credentials are commonly used by cybercriminals to successfully execute data breaches, according to Verizon’s 2023 Data Breach Investigations Report. In fact, 74% of breaches involve the use of stolen credentials. Cybercriminals often purchase these stolen credentials on the dark web and use them to access personal and work accounts. Since many people often use the same password across multiple websites, applications and systems, if a single password is compromised, all your accounts that use the same password are also at risk of being compromised.

The best way to protect yourself and your organization from password-based attacks is by using a password manager. A password manager with dark web monitoring capabilities helps you ensure each of your passwords is strong and unique. It’ll also notify you in real time if any of your credentials are found on the dark web so you can take action immediately by changing your passwords.

2. Reduces password fatigue 

The average person has about 100 online accounts including, financial, social media, work and school accounts. That means people are expected to remember over 100 unique passwords. This often leads to people using the same password or a variation of the same password across multiple accounts, ultimately putting their accounts at higher risk of being compromised. Password managers generate strong and unique passwords for online accounts and store them securely in an encrypted digital vault. The only password users have to remember is a master password to access their login credentials and other sensitive data – significantly reducing password fatigue.

3. Helps you generate strong and unique passwords 

Password managers have a built-in password generator that can instantly create strong and unique passwords. By using a password manager’s autofill function, users can create passwords for their accounts without having to come up with them on their own. This ensures that each of their accounts is always secured with a strong password that can’t be easily compromised by a cybercriminal.

4. Protects you from phishing scams

Many phishing scam emails and text messages are created to lead unsuspecting victims to phishing websites designed to steal login credentials, credit card details and more. Some phishing websites can be difficult for the average person to spot. Password managers can easily spot phishing websites due to their autofill capabilities. A password manager with an autofill function will only autofill your credentials if the website’s URL matches the one you have stored in your password manager’s vault. If the password manager doesn’t autofill your credentials, this is an immediate red flag that the site you’re on is not legitimate and likely malicious.

5. Enables you to securely share passwords, passkeys and more

Insecurely sharing any sensitive information through email or text message can place your accounts and your identity at risk of being compromised. It’s important that when you’re choosing to share private documents or passwords, you do it in a way that is secure and allows you to manage access to them. Password managers like Keeper do just that. With Keeper Password Manager users can share stored data through vault-to-vault sharing or the One-Time Share feature.

Vault-to-vault sharing allows you to share access to a record with other people who use Keeper. Before sharing you can choose how much access you want the recipient to have, such as View Only, Can Edit, Can Share and Can Edit & Share. You can also revoke access to the record at any time. One-Time Share allows you to share records with anyone on a time-limited basis, even if they’re not a Keeper user themselves.

6. Works across multiple browsers and devices

There are three main types of password managers: password managers that come built into your devices like iCloud Keychain, browser password managers like the one that comes with Chrome and standalone password managers like Keeper. One of the biggest limitations of both iCloud Keychain and browser password managers is that they can’t be accessed from everywhere. For example, you can’t access your iCloud Keychain data from a Windows computer and you can’t access your Chrome data from another browser like Safari.

This limitation can cause frustration, especially when you want to sign in to one of your accounts from a different browser or device. Standalone password managers, on the other hand, allow you to access your stored data from anywhere, no matter what device or browser you’re using.

What are the risks of not using a password manager?

Here are a few of the risks associated with not using a password manager.

Password reuse

Many people tend to use the same password or variations of the same password for multiple accounts. This is typically because people can’t remember unique passwords for every single account. This is a major risk because if just one reused password is compromised, it places every account that uses the same password at risk of also becoming compromised.

Weak password creation

Creating passwords that are considered strong is difficult to do on your own. Strong passwords have to be at least 16 characters and contain uppercase and lowercase letters, numbers and symbols. However, these strong passwords are difficult for people to remember, so most people choose to create passwords that are weak but easy to remember.

Using weak passwords for accounts is dangerous because it increases the likelihood of an unauthorized user being able to guess or crack that password successfully.

Multiple password resets

When people forget their password, their first option is to reset it. While resetting your password once won’t hurt you, resetting your password multiple times can. The more times you need to reset your passwords, the more likely you are to use weak passwords or begin reusing passwords. This is especially true if you don’t use a password manager to help you create and store them.

Insecure password sharing

Password sharing isn’t uncommon. People share their login credentials with friends and family for streaming accounts like Spotify, Hulu and Prime Video. When sharing passwords, a lot of people choose to share them using insecure methods like text messages and emails. These sharing methods are dangerous because they’re not encrypted, which means anyone can intercept them. Additionally, by sharing your passwords insecurely you have no visibility into who you’ve shared your password with. This makes it extremely difficult to properly manage your accounts and who has access to them.

Keep your most important data secure with a password manager

Password managers are amazing tools to invest in to keep your online data safe from cyber threats and criminals. Aside from protecting your information, they also make your online experience a whole lot easier with their autofill capabilities.

To see how a password manager can help you secure your data and streamline your online experience, start a free 30-day trial of Keeper Password Manager today.

Source: Keeper

Sophos Managed Risk combines vulnerability management technology from Tenable with Sophos’ threat expertise as a fully managed service.

Exploited unpatched vulnerabilities are the leading root cause of successful attacks, as reported in Sophos’ 2024 Ransomware Report.

The modern attack surface has expanded beyond traditional on-premises IT boundaries, with organizations operating frequently unknown numbers of external and internet-facing assets that are unpatched or under protected, leaving them vulnerable to cyberattackers.

Given this pressing need, we are excited to introduce Sophos Managed Risk, powered by Tenable. This new service enables organizations to find and eliminate blind spots and stay ahead of potential attacks by clearly understanding and prioritizing the highest risk exposures, with expert guidance from Sophos’ dedicated team.

Sophos Managed Risk delivers:

• Attack surface visibility
  The modern attack surface continues to grow beyond the borders of traditional IT, and most organizations now have internet-facing assets they don’t realize they own, providing easy targets for threat actors. Sophos Managed Risk discovers the organization’s internet-facing assets and analyzes their external attack surface.
• Continuous monitoring
  In-house IT and security teams may lack the deep knowledge and experience of the exploitation landscape needed to fully understand the security posture of their organization’s attack surface. Sophos Managed Risk provides expert guidance and helps set remediation priorities.
• Risk-based vulnerability prioritization
  New vulnerabilities are discovered faster than most organizations can fix them. Understanding which ones are relevant and in which order to patch them is a significant challenge. Sophos Managed Risk identifies and prioritizes exposures using extensive vulnerability coverage and risk-based prioritization technology from Tenable.
• Proactive notification of high-risk exposures
  Attackers look for weaknesses in the environment long before organizations know they’re there. Identifying high-risk exposures quickly is crucial. Sophos Managed Risk provides proactive notification when new critical vulnerabilities are discovered that affect the organization’s assets.

“One of the biggest challenges organizations face when improving their security posture is prioritizing what to handle first. This type of guidance helps solve that issue and reduces the workload for security teams tasked with tackling vulnerability and exposure management,” said Craig Robinson, research vice president of Security Services, IDC. “Solutions such as Sophos Managed Risk can be a differentiator by enabling overwhelmed teams to take a more holistic approach to continuous monitoring and threat management.”

The Sophos-Tenable Alliance

Sophos Managed Risk combines industry-leading technology from Tenable with threat expertise from Sophos, delivered as a proactive attack surface management service. This unique partnership brings together two highly respected cybersecurity market leaders to deliver superior security outcomes for customers and partners.

“Sophos and Tenable are two industry security leaders coming together to address urgent, pervasive security challenges that organizations continuously struggle to control. We can now help organizations identify and prioritize the remediation of vulnerabilities in external assets, devices and software that are often overlooked. It is critical that organizations manage these exposure risks, because unattended, they only lead to more costly and time-consuming issues and are often the root causes of significant breaches,” said Rob Harrison, senior vice president for endpoint and security operations product management at Sophos. “We know from Sophos’ worldwide survey data that 32% of ransomware attacks start with an unpatched vulnerability and that these attacks are the most expensive to remediate. The ideal security layers to prevent these issues include an active approach to improving security postures by minimizing the chances of a breach with Sophos Managed Risk, Sophos Endpoint, and 24×7 Sophos MDR coverage.”

“While the latest zero day may dominate the headlines, the biggest threat to organizations, by a large margin, is still known vulnerabilities – or vulnerabilities for which patches are readily available,” said Greg Goetz, vice president of global strategic partners and MSSP, Tenable. “A winning approach includes risk-based prioritization with context-driven analytics to proactively address exposures before they become a problem. Sophos Managed Risk, powered by the Tenable One Exposure Management Platform, delivers outsourced preventive risk management, enabling organizations to anticipate attacks and reduce cyber risk.”

Collaborates with the world’s most trusted MDR service

Sophos Managed Risk is available as an extended service with Sophos MDR, which already protects more than 21,000 organizations globally. The dedicated Sophos Managed Risk team is Tenable-certified and works closely with Sophos MDR to share essential information about zero-days, known vulnerabilities and exposure risks to assess and investigate possibly exploited environments. Organizations benefit through regular interaction, including scheduled meetings with Sophos experts to review recent discoveries, insights into the current threat landscape, and recommendations for remediation and prioritizing actions.

For example, when Sophos discovers a new high-risk zero-day vulnerability that could leave an organization exposed, Sophos Managed Risk scans their assets for the possibility of an exploit and proactively notifies the customer. Organizations can connect with the Sophos Managed Risk team and conveniently manage vulnerability escalation cases alongside MDR investigations in one unified Sophos console.

Available soon

With Sophos Managed Risk experts providing insights into attack surface vulnerabilities, organizations of all sizes can reduce cyber risk, accelerate their patching programs, and improve insurability. The new service will be available at the end of April 2024.

To learn more about Sophos Managed Risk and how it can support you, visit our website or speak with a security expert today.

Source: Sophos