50% of employees admit to clicking links from unknown senders. But which 50%? It’s time for a targeted approach to cybersecurity training.

Teaching users with simulated phishing attacks and training is half the battle in the race against phishing attacks. But what about the real test for users? The phishing emails, the unverified USBs, the ones that cripple the customer database on a Sunday at 1am?

Sophos Phish Threat now offers a breakthrough in cybersecurity training with Sophos Synchronized Security. By connecting Sophos Email and Phish Threat, we’ve taken the guesswork out of finding those riskier users in your organization – those who need a more targeted approach to training.

A breakthrough in cybersecurity training

50% of employees* admit having clicked on an email link from an unknown sender in the last 6 months that turned out to be malware or a scam. Regular attack simulations and security awareness training make all the difference, with existing Phish Threat customers able to reduce susceptibility to attack by 31% in just four tests (that’s opening and still clicking to you and me).

But while you train all users on cyberthreats, how do you find and train the weakest links in your organization?

Sophos Synchronized Security now lets you do that by connecting Sophos Email and Phish Threat. It helps you identify users who regularly click malicious links or violate other security policies, and lets you enroll them directly into targeted training.

Sophos Email and Phish Threat

Available now, Sophos Email Advanced is the first Secure Email Gateway to feed intelligence directly to a security awareness training solution for the best results.

The new Sophos Email Advanced At Risk Users report highlights which users are clicking email links rewritten by Time-of-Click URL protection, and identifies those who have either been warned or blocked from visiting a website due to its risk profile. You can then enroll those users in Phish Threat simulations and security awareness training with one click – increasing their threat awareness and reducing risk.

Take the guesswork out of training today

The greatest risk from attackers is not individual campaigns, but instead connected attacks, where vehicles like phishing are used to first penetrate your defenses.

Sophos is already the only vendor to offer a layered security defense, with protection at every point of the attack chain. Synchronized Security goes beyond that to take the guesswork out of finding those users who need a more targeted approach to training. Find out more about Sophos Email and Sophos Phish Threat today, and take the 30 day free trial.

More than ever, customers understand their right to data privacy. As major brands continue to lose sensitive data to cybercriminals in high-profile cloud security failures, customer trust in companies across industries is fading. Only 25 percent of consumers believe most companies handle their data responsibly, according to PricewaterhouseCoopers (PwC). As a result, secure, transparent data handling practices are more imperative than ever.

New regulations signal that governing bodies are also taking the enterprise’s responsibility for data privacy very seriously. The Brazil Privacy Act and the California Consumer Privacy Act support the consumer’s right to understand how their data is collected and used, and the New York Department of Financial Services (NYDFS) requirements are among the first regulations to address cloud security risks. Proposed rules require financial institutions to conduct vulnerability assessments and practice data classification and safe data management, whether the data resides on-premises or in the cloud.

Misconfigurations Cause Database Security Mayhem

Despite increased pressure to protect customer data, security teams are still struggling to address database security risks. Misconfigured servers, networked backup incidents and other system misconfigurations resulted in the exposure of 2 billion data records in 2017, according to the “IBM X-Force Threat Intelligence Index 2018” — that’s a 424 percent increase in such data breaches over last year’s total.

Cybercriminals are innovating quickly to take advantage of enterprise cloud security challenges. Many are using and creating open source tools to scan the web for unprotected cloud storage and, in some cases, locking these systems for ransom. Results from a Threat Stack study indicated that the majority of cloud databases are unprotected or otherwise misconfigured. Researchers attributed the prevalence of misconfigurations to employee negligence and insufficient IT policies.

Why The Enterprise Cloud Is Vulnerable

Still, it would be unfair to blame the current state of enterprise cloud security on employee negligence — at least, not entirely. Critical misconfigurations are technically the result of inadvertent insider error, but the reality is a bit more complex. Correcting configurations and compliance risks is difficult because security teams lack actionable visibility into cloud risks. There’s a glut of security risk to deal with, and traditional approaches to assessing risk result in an abundance of data with little actionable intelligence.

The enterprise cloud environment is complex and difficult to capture with vulnerability assessment tools designed for physical network and endpoint risk assessments. The unstructured, NoSQL landscape of the big data on cloud evolves on a near-daily basis to accommodate new forms of unstructured data. It’s no wonder that trying to assess database security risk across heterogeneous environments is often compared to finding a needle in a haystack.

Layered vulnerability assessments are crucial to protect against cloud security and compliance risks. Under some recent regulatory requirements, in fact, vulnerability assessments are mandatory. However, the enterprise needs vulnerability solutions that can support the scale of cloud database-as-a-service (DBaaS), traditional on-premises databases, warehouses and big data environments in a meaningful way.

Advanced analytics are necessary to sort through complex event data to correlate patterns and find true outliers that are associated with meaningful risk of data loss or advanced threats. The sheer volume and variety of data in the enterprise cloud requires proactive vulnerability assessment. A vulnerability assessment solution should automate risk prioritization, recommend remediation and simplify complex compliance requirements.

How To Achieve Real-Time Security And Compliance In Cloud Or Hybrid Environments

Reducing risk requires visibility and control with an adaptive, real-time approach to understanding exposure. In a database environment, assessments should actively examine privileges, authentication, configuration, versioning and patching. Finding and remediating advanced threats from insiders, ransomware and data breaches requires advanced analytics. Your vulnerability assessment solution should rank risks based on the importance of data and breach likelihood and recommend remediation actions.

Security and risk are convening in the enterprise, and vulnerability tools should deliver risk intelligence that can be shared with the chief information officer (CIO), chief security officer (CSO) and chief risk officer (CRO). Enterprise cloud environments are complex, but a vulnerability assessment tool can provide a consolidated and actionable view into risk, remediation, compliance and policy. To drive continued value, however, a vulnerability assessment solution must scale to new services as new applications, databases and cloud services are deployed over time.

The cloud has shifted the landscape and created the need for a new approach to assessing risks. If understanding compliance and configurations feels like finding needles in a haystack, it may be time to automate. Data privacy is now a compliance and customer imperative, and understanding the state of your databases is critical, so aim to scale your security assessments with a solution designed for the complexities of the enterprise cloud environment.

You can read the original article, here.

Sophos Intercept X with EDR has been recognized again as an industry leader. Among the winners in Computing’s Security Excellence Awards, Intercept X took home the award for Security Innovation of the Year for the second year in a row.

The Security Excellence Awards, which took place on 21 November in the heart of London, is hosted by UK-based tech magazine Computing as part of its annual Enterprise Security & Risk Management Summit. The ceremony celebrates the industry’s best security companies, solutions, products and personalities across 20 categories.

On the Security Innovation of the Year award, Computing says:

“The security industry and its products are continually evolving, as it keeps pace with the new tricks and tactics developed by hackers to attack corporate networks. This award will be given to the product or service which demonstrates something truly new and original”.

Learn more about our award-winning Intercept X Advanced with EDR or try it for free today.

Today marks a major milestone with the release of the first-ever Gartner 2018 Magic Quadrant for Privileged Access Management.^* CyberArk was named a Leader, positioned highest for ability to execute and furthest for completeness of vision.

As the market pioneer, not only is this a major accomplishment for us as an organization, but it’s also an important milestone for the market at large. According to the report, “Privileged access management is one of the most critical security controls, particularly in today’s increasingly complex IT environment. Security and risk management leaders must use PAM tools in a long-term strategy for comprehensive risk mitigation.”

As the company recognized for establishing the market category, we are extremely proud to be named a Leader. We remain laser-focused on helping organizations to secure the enterprise by delivering innovative solutions that break the attack chain and protect their most valuable assets. We will continue our work to make a quantifiable impact on the security of companies and governmental organizations around the world, enabling them to adopt digital transformation strategies with confidence.

As we celebrate being named a Leader in the Gartner Magic Quadrant for Privileged Access Management, we’d like to thank all of our incredible customers, partners and employees who have been, and will continue to be, the cornerstone of our success.

Read the Full Report

Download the full 2018 Magic Quadrant for Privileged Access Management report here. To learn more about the CyberArk Privileged Access Security Solution or to see what customers and other industry experts say about us, visit our website.

You can read the original article, here.

CyberArk announced it was named a Leader in “The Forrester Wave: Privileged Identity Management, Q4 2018.”¹ Based on Forrester’s evaluation of the 11 most significant privileged identity management vendors, CyberArk ranks highest in both the current offering and market presence categories.

According to the report, “The [CyberArk] solution has strong password safe, session management, and privileged threat analytics, as well as the broadest DevOps support of any vendor evaluated in this Forrester Wave.” CyberArk received the highest possible score in report criteria including customer satisfaction; privileged threat/behavior analytics; privilege delegation and escalation; privileged session monitoring plans; and container support plans.

The CyberArk Privileged Access Security Solution is the most comprehensive solution on the market for protecting against the exploitation of privileged accounts, credentials and secrets anywhere – including on the endpoint and across on-premises, hybrid cloud and DevOps environments.

“This Forrester Wave report reinforces, in our opinion, the importance of privileged identity management for controlling both human user and machine access to an organization’s most sensitive assets and information,” said Marianne Budnik, CMO, CyberArk. “We are proud to be named a Leader by Forrester, and appreciate the support of our customers and partners who look to CyberArk as a trusted advisor and partner in their efforts to invest in modern infrastructure, improve business agility and drive new opportunities for growth.”

To download a complimentary copy of The Forrester Wave: Privileged Identity Management, Q4 2018 report, visit https://www.cyberark.com/resource/forrester-wave-privileged-identity-management/

You know the old saying, “The rich get richer”? Well, our UTM 9 platform is feature rich, but every year we pack more and more features into it. This year is no exception with our UTM 9.6 release.

Here’s what’s included in UTM 9.6

Let’s Encrypt integration

• Generate and renew Let’s Encrypt certificates from within the UTM
• Generated certificates can be used in all UTM components

Web Application Firewall (WAF) page customization

• Custom themes for all error pages that are delivered via the WAF
• Enables the use of a custom corporate identity on all pages

Manual Sandstorm submission

• Allows an admin to upload a file for detonation within Sophos Sandstorm
• Files that have not been received via email or web download can also be analyzed with Sophos Sandstorm

Persistent Sandstorm reports

• Enhanced reporting for Sandstorm activity over time and with historic information
• Reporting also covers hash lookup based results from Sophos Sandstorm

Other enhancements

• Unified RED firmware with improved 3G/4G support
• Submission port support in SMTP proxy
• Configurable listen address in SMTP proxy
• New advanced thread protection library with better performance and protection

The full release notes can be found on the Sophos Community.

How to get it

The release will be rolled out automatically in phases over the coming weeks. For anyone that wants the latest and greatest now, you can download the latest firmware yourself.

If you have any questions, check out the Sophos UTM 9 Community Forums.

We’re excited to announce that we’ve been awarded Security Vendor of the Year at the CRN UK Channel Awards 2018!

The CRN Channel Awards celebrated its 25th anniversary by recognising exceptional achievements in the UK channel industry over the past 12 months.

In CRN’s words: Security Vendor of the YearThe award recognises the overall contribution that [Sophos] is making to business development in the channel, in terms of its product range and development, channel and marketing programmes, and service and support.

Sophos focuses 100 percent of its resources on building products and programs with the needs of channel partners in mind. If you’re interested in working with us, take a look at the Sophos Partner Program and learn how, together, we can take your business to the next level.

You can read the original article, here.

The team is hard at work putting the finishing touches on our next major release of XG Firewall, and it is a huge release! XG Firewall v17.5 brings some amazing new Synchronized Security features as well as many of your most-requested features.

The best part is you can start taking advantage of many of these new capabilities today, as part of the Early Access Program.

What’s new in XG Firewall v17.5

Here’s a quick overview of the key new features in v17.5:

• Synchronized Security – lateral movement protection – extends our Security Heartbeat™ automated threat isolation to prevent any threat from moving laterally or spreading across the network, even on the same subnet. The firewall instructs all healthy endpoints to completely isolate any unhealthy endpoints.
• Synchronized User ID – utilizes Security Heartbeat™ to greatly streamline authentication for user-based policy enforcement and reporting in any Active Domain network by eliminating the need for any kind of server or client agent.
• Education features – such as per-user policy-based control over SafeSearch and YouTube restrictions, teacher enabled block-page overrides, and Chromebook authentication support.
• Email features – adds Sender Policy Framework (SPF) anti-spoofing protection and a new MTA based on Exim, which closes a couple of top requested feature differences with SG Firewall.
• IPS protection – is enhanced with greatly expanded categories enabling you to better optimize your performance and protection.
• Management enhancements – including enhanced firewall rule grouping with automatic group assignment, and a custom column selection for the log viewer.
• VPN and SD-WAN failover and failback – including new IPSec failover and failback controls and SD-WAN link failback options.
• Client authentication – gets a major update with a variety of new enhancements such as per-machine deployment, a logout option, support for wake from sleep, and MAC address sharing.
• Sophos Connect – is our new IPSec VPN Client, free for all XG Firewall customers, that makes remote VPN connections easy for users, and supports Synchronized Security.

In addition, coming in a following maintenance release we have:

• Wireless APX access point support – provides support for the new Wave 2 access points providing faster connectivity and added scalability.
• Airgap support – for deployments where XG Firewall can’t get updates automatically via an internet connection (due to an “airgap” or physical isolation) – XG Firewall can now be updated via USB.

Sophos Central management of XG Firewall

With v17.5, XG Firewall is also joining Sophos Central. The Early Access Program for Sophos Central Management of XG Firewall is expected to start soon.

You will be able to manage XG Firewall from within Sophos Central along with all your other Sophos Central products. And there’s a few great new features coming along with Sophos Central Management of XG Firewall:

• Secure access and management with single-sign-on through Sophos Central from anywhere.
• Backup management and storage for your regularly scheduled firewall backups.
• Firmware update management to make multiple firewall updates easy.
• Light-touch deployment to enable easy remote setup of a new firewall.

Get early access now!

Head on over to the XG Firewall Community Forums to get the v17.5 EAP firmware update, additional information on what’s new, and to share your feedback with the Sophos Product Team and the rest of the community.

You can read the original article, here.

Who’s responsible for cybersecurity at work? Is it the security team, the employees or a mix of both?

And, perhaps most importantly of all, does everyone in your organization agree?

A recent study commissioned by Sophos revealed that six out of ten employees feel more relaxed about IT security at work than at home, with 45% of people admitting that they don’t feel responsible for IT security at work.

Company security policies are designed to create a safe workplace for all employees. Those policies are often developed by a security team with years of experience, but policies only work if they’re adhered to. No matter how good your security team is, it’s relying on everyone else to make it their responsibility to maintain a safe workplace by following its policies. Helping employees to learn and understand those policies is vitally important.

The workplace isn’t a homogeneous whole though, it’s a collection of individuals with different personalities and learning styles. If everyone receives the same training content, don’t be surprised if the message doesn’t sink in everywhere.

New award-winning security training

Sophos Phish Threat is here to make security awareness training stick.

Phish Threat covers a wide range of topics from general or role-based security awareness to regulatory compliance, in a variety of engaging formats. It makes use of videos, interactive modules and gamification in a mix of visual styles to ensure that everyone gets the message.

Today, we’re excited to announce that our range of training has grown. Thanks to our latest Phish Threat learning partnership with Ninjio, we’ve added over 30 new training modules, plus we’re growing Phish Threat by one new module every month!

Ninjio shares our approach of short, engaging training, and its unique style recently scooped it the Gartner Customer Choice award for Computer Based Training 2018. By dramatizing real-life cyber threat headlines, with Hollywood script writers and great animations, Ninjio brings stories to life.

The freshest content

With all that training at your fingertips, your employees should be cybersecurity ninjas in no time. But to truly test their new-found skills, Phish Threat also provides more than 500 customizable attack email templates in nine languages. And new templates are being added every week, so to help we’ve made it easier to find the latest content fast.

Featured templates

The latest phishing attacks and seasonal campaigns train users to identify real-world attacks hitting their inboxes today, as well as the seasonal campaigns they need to know about.

New templates

New templates are automatically applied to every Phish Threat account. The New flag allows you to quickly find the most recently added templates, to help keep things interesting for your employees.

Five stars from customers

Our latest independent customer reviews show how easy it is to get started, and the almost immediate impact that Phish Threat is having on reducing risk.

“The cloud offering was extremely easy to deploy. The training exercises and videos were extremely relevant, engaging and just the right length”.

You can start educating your employees today with our free anti-phishing toolkit.

Netwrix conducted a study of the major IT risks that are significant for most organizations and assessed respondents’ readiness to withstand cyber threats.

The report is based on the feedback of 1,558 organizations of various sizes from many different regions and industries. It summarizes the experiences and plans the organizations have in regard to addressing six IT risks: physical damage, intellectual property theft, data loss, data breach, system disruption and compliance penalties.

The report reveals the following key findings:

• Most companies consider hacker attacks to be the most dangerous threat, but in fact, insiders cause the majority of security incidents by either malicious or accidental actions.
• Not all critical security controls are reviewed regularly as required by best practices. The most neglected controls include getting rid of stale and unnecessary data and conducting data classification. These controls are exercised rarely or never by 20% and 14% of organizations, respectively.
• Although 70% of companies have done IT risk assessment at least once, only 33% re-evaluate their IT risks regularly.
• 44% of respondents either do not know or are unsure of what their employees are doing with sensitive data.
• Nonetheless, over 60% of respondents think that their level of visibility is high enough, which lulls them into a false sense of security.
• Only 17% of organizations have an actionable incident response plan; 42% have only a draft or have no plan at all.

“Our report illustrates that the foremost reason why the organizations fail to address major IT risks lies in a lax approach to security basics. They are giving priority to some controls and are leaving the most important ones out of scope. Haphazard approach to security basics and poor visibility into sensitive data gives IT pros a false sense of security. However, paying more attention to all security basics can help organizations manage IT risks with more success,” said Steve Dickson, CEO of Netwrix.

You can read the original article, here.

Defence organisations encompass two very different communication environments. Military messaging takes place within live operational environments, and might involve messages passing between different operations and forces, for example, over closed systems and networks. This type of communication must follow strict security procedures and protocols, and conform to stringent standards, as must the classification of the emails and data being shared both internally and with other nations’ defence organisations.

Alongside this, staff across the organisation are sending messages and creating data as part of the day-to-day ‘business as usual’. This could be anything from emailing a supplier to order more stationery for head office, to a sales representative adding new details to a customer record. Information that falls into this category also needs to be classified, controlled and protected.

Many defence organisations are currently reviewing the messaging tools they use, as they transition from existing X.400 systems to a more modern communications infrastructure, and there’s an increasing appetite for moving to commercial, proven off-the-shelf SMTP-based solutions and adhering to the new NATO standards.

‘Integration’ may be the current buzzword in the IT world, but we believe that the best approach is to deploy two separate but complementary solutions that each address a specific environment, application and user base.

Boldon James’ SAFEmail solution, for instance, is well-suited to military and intelligence applications, and has been used by customers in the defence market for 25 years. It’s a robust and tried and tested tool, but one that’s also at the forefront of messaging technology. In addition to current international standards and protocols, the latest version has been future-proofed to comply with the new data protection and labelling standards being introduced by NATO, which we were involved in a consultation on. SAFEmail is able to support both legacy X.400 and new systems, and can be customised to meet requirements.

An enterprise solution such as Classifier can then be deployed alongside a military messaging tool such as SAFEmail®, as a common platform to be used by the entire organisation for classifying ‘everyday’ emails and data. Classifier is structured for secure environments, and complies with industry standards and protocols, but is suited to non-operational activities with a more flexible labelling functionality that can be aligned to how the organisation works, and is currently deployed in live Top Secret level systems.

Procuring both systems from the same vendor has its advantages. The organisation will be assured the same high level of performance across all communication environments, with every message sent protected to military standards. There are also benefits to dealing with a single company, including smoother deployment, consistent support and lower cost of ownership.

Most important of all is that the vendor has a long history of service in military environments, and a profound understanding of both military and enterprise infrastructures.

You can read the original article, here.

Onboarding new devices to management policy controls includes the important step of user authentication. That’s why we’re excited to be one of the launch partners for Google Cloud’s new secure LDAP feature, launched today at Google Next London.

Sophos Mobile customers now have the option to validate their users’ identities with G Suite and Google Cloud Identity.

For organisations using G Suite or Google Cloud Identity, this will dramatically simplify the enrolment process for new devices. Sophos Mobile will use Google’s new secure LDAP implementation to validate users dynamically, during enrolment.

Google will be rolling out secure LDAP to Cloud Identity and G Suite customers in the coming weeks. Sophos customers running their own Sophos Mobile management server can take advantage of it with the release of Sophos Mobile 8.6 later this month.

If you aren’t already a Sophos Mobile customer and you’re wondering how best to secure and manage your mobile fleet, check out Sophos Mobile.

You can read the original article, here.

We are very excited to announce the launch of Sophos Intercept X Advanced with EDR, a new Intercept X offering that integrates intelligent endpoint detection and response (EDR) with the industry’s top-rated malware and exploit protection.

With Intercept X Advanced with EDR, IT and security teams can now better navigate the challenges of today’s most complex threats, such as:

• Understanding the scope and impact of security incidents
• Detecting attacks that may have gone unnoticed
• Searching for indicators of compromise across the network
• Prioritizing events for further investigation
• Analyzing files to determine if they’re potentially unwanted or true threats
• Confidently reporting on the organization’s security posture at any given moment
• Answering tough compliance questions in the event of a breach

Consider the old “needle in a haystack” figure of speech: Most EDR solutions on the market today attempt to collect as much hay as possible to ensure the needles are eventually found.

It’s a complicated, tedious, and manual process. The Sophos approach is different: thanks to industry-leading deep learning technology and unequivocally strong up-front protection, we exponentially shrink the haystack to make the needles much, much easier to find.

Endpoint Detection and Response (EDR) tools give security teams the ability to detect, investigate, and respond to suspicious activity. The best EDR solutions start with the strongest protection, and no other solution offers stronger protection than Intercept X.

Because Intercept X technology is so effective at stopping breaches before they start, the EDR workload is significantly lighter. This means that IT organizations of all sizes can optimize key resources, enabling them to focus on the business of IT rather than chasing false positives and dealing with overwhelming volumes of alerts.

The intelligent EDR built into the new Intercept X Advanced with EDR replicates the capabilities of highly-skilled analysts, allowing organizations to add expertise without having to add headcount. The product leverages deep learning, SophosLabs threat intelligence, and more to mimic the roles of a malware analyst, security analyst, and threat intelligence analyst all in one, without having to pay human salaries for those key skillsets.

Even for larger organizations with a security operations center (SOC), Intercept X Advanced with EDR provides a valuable first tier of detection, freeing up human analysts to focus on what’s most important. Guided investigation allows security teams of all skill levels to quickly understand their security postures thanks to context-sensitive guidance, which offers suggested next steps, clear visual attack representations, and built-in expertise. When an investigation is concluded, analysts can respond with a click of a button.

To learn more, download the Intercept X Advanced with EDR datasheet.

You can read the original article, here.

Data breaches are up 75% in two years, finds a report from the Information Commissioner (ICO). The study, carried out by Kroll, took into account an array of personal data, including health, financial and employment details.

Access to this data was made possible under the Freedom of Information Act, in addition to some ICO data being publicly available.

Incorrect Recipients

Kroll found that over 2,000 reports received by the ICO within the last year could be attributed to human error, compared to just 292 that were deliberate cyber incidents.

Of the reports that were possibly caused by human error, the most common breach types were identified as emails to incorrect recipients (447), data posted or faxed to incorrect recipients (441), and loss or theft of paperwork (438).

As for purely cyber-related attacks without human involvement, the most frequent type within the last year was unauthorised access (102).

Additionally, the health sector was revealed to be the most common source of data breach reports, yielding a total of 1,214, with general business (362), which yielded the highest increase percentage over the past two years (215%), following behind.

GDPR an Important Factor

Kroll said that the increase in reports indicates a correlating increase in transparency on the part of companies as a result of the EU General Data Protection Regulation (GDPR)’s introduction back in May.

“Reporting data breaches wasn’t mandatory for most organisations before the GDPR came into force,” explained Andrew Beckett, Managing Director and EMEA Leader for Kroll’s Cyber Risk Practice, “so while the data is revealing, it only gives a snapshot into the true picture of breaches suffered by organisations in the UK.

“The recent rise in the number of reports is probably due to organisations’ gearing up for the GDPR as much as an increase in incidents. Now that the regulation is in force, we would expect to see a significant surge in the number of incidents reported as the GDPR imposes a duty on all organisations to report certain types of personal data breach.

“We would also expect to see an increase in the value of penalties issued as the maximum possible fine has risen from £500,000 to €20 million or 4 per cent of annual turnover, whichever is higher. The ultimate impact is that businesses face not only a much greater financial risk around personal data, but also a heightened reputational risk.”

The Importance of Automation

Commenting on the finds from Kroll, Sarah Armstrong-Smith, Head Continuity & Resilience at Fujitsu UK & Ireland, said that companies need to support users, helping them become “the strongest link, not the weakest.”

She said: “This needs to go beyond just providing users with security and privacy training and awareness. There also needs to be mechanisms in place to identify and prevent internal data leakages from occurring.”

Ms Armstrong-Smith went on to explain the role of automation in possibly improving data security.

“Automation is helping organisations to detect and respond to changes and adapt policies to protect people and to enable them to be compliant. Not only this, but automation can help organisations react quicker and respond to a breach should it happen.

“They can do it proactively, report it in a timely and compliant way, and ensure they take control of events, rather than the other way around.

“To be truly effective when it comes to protecting personal data requires a mix of people, processes and technologies: all of which have to be carefully aligned so that everything fits together properly.

“At the end of the day, security alone cannot stop a breach, it requires a cultural shift to embed data governance throughout an organisation.”

You can read the original article, here.

We are thrilled to announced that we’ve won the award for Best Anti-Ransomware Solution and have been highly commended in the Best Security Partner Program category at the first Channelnomics Security Awards.

As Channelnomics explains, these awards have been “designed to recognize the trailblazers in the security industry – those players who are embracing the ever-changing face of the market and making it possible for the channel to forge ahead in this challenging landscape.”

The 30-category awards are completely independent and given based on innovation and achievement in the North American market over the year.

With the emergence of Intercept X, our next-gen, anti-ransomware solution, Sophos has led the way in fighting the rise of ransomware. We remain poised to meet new or evolving challenges that ransomware has in store for the industry, which is why we are proud to receive the Best Anti-Ransomware Solution accolade.

And, our customers and partners can attest to it:

“We have deployed Intercept X to more than 10,000 endpoints. Since deployment, it has stopped upwards of 2,500 endpoint ransomware attacks and we’ve had zero ransomware infections across all protected devices“.

– Emily Vandewater, Lead Security Engineer, Flexible Business Systems

As a channel first company, we are constantly working toward the continued success of our partners. Being recognized as having the Best Security Partner Program (Highly Recommended) is a powerful statement that we continue to find success building an optimal, beneficial relationship with our partners, ensuring not just financial growth but continued cybersecurity and safety for their customers.

Stop by the Channelnomics site for more on the awards ceremony and to view a full list of winners.

You can read the original article, here.