News

7 May
The Digital Operational Resilience Act (Regulation (EU) 2022/2554) (“DORA” or the “Act”) is a European Union regulation intended to ensure the digital resilience of financial entities in the EU against Information and Communication Technology (ICT)-related incidents and operational disruptions. DORA entered into force on January 16, 2023. Its requirements become effective and apply from January 17, 2025.

Scope of DORA

DORA applies to all EU “financial entities,” including banks, investment firms, credit institutions, insurance companies and crowdfunding platforms, as well as critical third parties offering ICT-related services to financial institutions, such as software vendors, cloud service providers, data centers, data analytics providers, and more. Article 2 of Regulation (EU) 2022/2554 identifies the following financial entities covered by the Act.

List of financial entities covered by the regulation:

  • Credit institutions
  • Payment institutions
  • Account information service providers
  • Electronic money institutions
  • Investment firms
  • Crypto-asset service providers and issuers of asset-referenced tokens
  • Central securities depositories
  • Central counterparties
  • Trading venues
  • Trade repositories
  • Management companies
  • Managers of alternative investment funds
  • Data reporting service providers
  • Insurance and reinsurance undertakings
  • Insurance intermediaries, reinsurance intermediaries and ancillary insurance intermediaries
  • Institutions for occupational retirement provision
  • Credit rating agencies
  • Administrators of critical benchmarks
  • Crowdfunding service providers

Why DORA?

DORA “acknowledges that ICT incidents and a lack of operational resilience have the possibility to jeopardise the soundness of the entire financial system, even if there is ‘adequate’ capital for the traditional risk categories.” The DORA regulatory framework lays out requirements that address the security of financial entities’ networks and information systems to enhance cybersecurity across the EU’s financial sector. This helps financial entities reduce the potential impact of digital threats on their business continuity, legal liability, and financial and reputational loss.

Requirements of DORA

In order to achieve a high common level of digital operational resilience, this Regulation lays down uniform requirements concerning the security of network and information systems supporting the business processes of financial entities as follows:

  1. ICT Risk Management: Financial entities shall have a sound, comprehensive and well-documented ICT risk management framework as part of their overall risk management system, which enables them to address ICT risk quickly, efficiently and comprehensively and to ensure a high level of digital operational resilience.
  2. ICT-Related Incident Management Process: Financial entities shall record all ICT-related incidents and significant cyber threats. Financial entities shall establish appropriate procedures and processes to ensure a consistent and integrated monitoring, handling and follow-up of ICT-related incidents, to ensure that root causes are identified, documented and addressed in order to prevent the occurrence of such incidents.
  3. Digital Operational Resilience Testing: To ensure that financial entities are prepared to tackle ICT-related incidents, DORA defines common standards with a focus on resilience testing by these entities, “such as vulnerability assessments and scans, open source analyses, network security assessments, gap analyses, physical security reviews, questionnaires and scanning software solutions, source code reviews where feasible, scenario-based tests, compatibility testing, performance testing, end-to-end testing and penetration testing.”
  4. ICT Third-Party Risk Management (TPRM): Recognizing the increasing importance of third-party ICT service providers, DORA requires financial entities to “manage ICT third-party risk as an integral component of ICT risk within their ICT risk management framework” through contractual agreements like accessibility, availability, integrity, security, and protection of personal data; clear termination rights; and more.
  5. Information and Intelligence Sharing: With the aim of boosting the collective ability of financial institutions to identify and combat ICT risks, DORA encourages them to “exchange amongst themselves cyber threat information and intelligence, including indicators of compromise, tactics, techniques, and procedures, cyber security alerts and configuration tools, to the extent that such information and intelligence sharing:
    • aims to enhance the digital operational resilience of financial entities, in particular through raising awareness in relation to cyber threats, limiting or impeding the cyber threats’ ability to spread, supporting defence capabilities, threat detection techniques, mitigation strategies or response and recovery stages;
    • takes place within trusted communities of financial entities;
    • is implemented through information-sharing arrangements that protect the potentially sensitive nature of the information shared, and that are governed by rules of conduct in full respect of business confidentiality, protection of personal data in accordance with Regulation (EU) 2016/679 and guidelines on competition policy.”
  6. Oversight Framework of Critical ICT Third-Party Providers: The Joint Committee, in accordance with Article 57(1) of Regulations (EU) No 1093/2010, (EU) No 1094/2010 and (EU) No 1095/2010, shall establish the Oversight Forum as a sub-committee for the purposes of supporting the work of the Joint Committee and of the Lead Overseer referred to in Article 31(1), point (b), in the area of ICT third-party risk across financial sectors. The Oversight Forum shall prepare the draft joint positions and the draft common acts of the Joint Committee in that area.

The Oversight Forum shall regularly discuss relevant developments on ICT risk and vulnerabilities and promote a consistent approach in the monitoring of ICT third-party risk at Union level.

DORA and NIS 2

DORA and NIS 2 are two critical pieces of EU cybersecurity legislation. The NIS 2 Directive (Directive (EU) 2022/2555) is a legislative act that aims to achieve a high common level of cybersecurity across the European Union.

The relationship between DORA and NIS 2 is that NIS 2 aims to improve cybersecurity and protect critical infrastructure in the EU, whereas DORA addresses the EU financial sector’s increasing reliance on digital technologies and aims to ensure that the financial system remains functional even in the event of a cyberattack.

What is significant to note is that NIS 2 is a European directive. By October 17, 2024, Member States must adopt and publish the measures necessary to comply with the NIS 2 Directive. DORA is a European regulation that will be applicable as it stands in all EU countries from January 17, 2025.

Article 1(2) of DORA provides that, in relation to financial entities covered by the NIS 2 Directive and its corresponding national transposition rules, DORA shall be considered a sector-specific Union legal act for the purposes of Article 4 of the NIS 2 Directive. DORA is “lex specialis” to NIS 2 for the financial sector, a principle under which a specific law takes precedence over a general one. So, for financial entities covered by DORA, DORA prevails over NIS 2. However, this does not mean that NIS 2 obligations no longer apply to entities affected by both texts.

Penalties for DORA non-compliance

The potential penalties associated with DORA can be significant and, unlike those under GDPR or NIS 2, encourage firms to comply by imposing fines on a daily basis. Organizations deemed non-compliant by the relevant supervisory body may be subject to a periodic penalty payment of 1% of their average daily global turnover in the preceding year, for up to six months, until compliance is achieved. The supervisory body may also issue cease-and-desist orders, termination notices, additional pecuniary measures, and public notices.

DORA timelines

DORA was first proposed by the European Commission in September 2020. It came into force on January 16, 2023. Financial entities and third-party ICT service providers have until January 17, 2025 to prepare for DORA and implement it. Batch 1 of the Regulatory Technical Standards, or RTS, and the Implementing Technical Standards (ITS) were published on January 17, 2024. Batch 2 of these standards is under consultation.

Source: Sophos

2 May

NIS2, the reformed edition of the 2016 Network and Information Security (NIS) Directive, entered into force at the start of 2023, following multi-year European Parliament negotiations. Member States have until 17th October 2024 to adopt and publish measures complying with NIS2.

With a little less than a year left for affected organizations to comply with the new requirements, we sat down with Lee Elliott, Director of Solutions Engineering at BeyondTrust, to learn more about NIS2 and its impact on national security. This blog will provide answers to the leading questions about NIS2 to help you prepare your organization to meet the coming deadline.

Q1: What is NIS2?

The Network and Information Security 2 (NIS2) Directive is a landmark piece of European cybersecurity legislation that provides legal measures to boost the overall level of cybersecurity in the European Union (EU). It does so by setting a common, high standard for companies and organizations to comply with in terms of their cybersecurity posture and obligations.

Q2: Who does NIS2 apply to?

Businesses identified by the Member States as operators of “important” or “essential” services. Most of the organisations held accountable by NIS2 are Critical National Infrastructure (CNI) and run Operational Technology (OT) and industrial systems networks.

NIS2 regulations not only cover important or essential services, but also any breach in their supply chain. This means that their subcontractors and suppliers, wherever they are based, need to be as secure as the NIS2 requirements.

Q3: NIS vs NIS2 – What’s the difference?

NIS2 introduces updates to the EU cybersecurity rules that were originally introduced in 2016 in order to modernise the existing legal framework and keep up with increased digitisation and an evolving cybersecurity threat landscape.

Some key differences include:

  • More industry sectors included – the scope of cybersecurity rules has expanded to new sectors and entities, particularly incorporating manufacturing and other OT industries. Company criticality and size is also taken into account.
  • New incident response and crisis management reporting requirements – NIS2 requires improvement of the incident response capacities, including strengthened incident reporting obligations, more precise reporting processes, and timeline provisions.
  • Enhanced security requirements and controls – Security requirements are strengthened, with focused vulnerability handling and disclosure, policies and procedures to assess the effectiveness of cybersecurity risk management measures, basic computer hygiene practices and cybersecurity training, the effective use of cryptography, human resources security, access control policies, and asset management.
  • Bigger penalties – NIS2 introduces more severe penalties for compliance failures. Administrative fines vary based on entity status:
    • Essential entity fines can be up to €10,000,000 or 2% of the total annual worldwide turnover in the previous fiscal year (whichever is higher);
    • Important entity fines can be as much as €7,000,000 or 1.4% of the total annual worldwide turnover in the previous fiscal year of the company (whichever is higher).
  • Increased liability – C-level executives who are responsible for the Risk and Governance of their infrastructure will be held personally liable for a breach and could be removed from their post.

Q4: When does NIS2 come into effect?

The deadline for Member States to transpose the NIS2 Directive into applicable, national law is 17 October 2024. Companies need to be fully compliant with the directive’s updated requirements before this date or they may face severe consequences, including financial penalties and damage to reputation.

Q5: Why is there a focus on operational technology (OT) within NIS2?

OT security has become much more critical because of the recent spate of high-profile attacks. It has also become the focus of increasing compliance frameworks. In terms of security, OT is playing catchup with IT. In IT networks, most security fundamentals have been put in place, but in OT, controls like change management, access control, and vulnerability management are still not being applied.

Q6: What are the challenges of managing and securing OT Environments?

I think it boils down to the focus of an OT environment. For the most part, these environments are manufacturing plants—factories that are producing an output. Availability is paramount. Any downtime will cost a measurable amount based on loss of output. Of course, with CNI, availability becomes even more important as any downtime may have a detrimental effect on the nation! And if you think that IT is more data-centric and so integrity is more of a focus, remember: you can back up data, but it’s not so easy to do with the flow of gas or oil!

Also, OT environments are full of legacy, and sometimes unsupported, equipment. Refresh cycles could be in the decades rather than the 3-to-6-year range that is typically seen in IT. There is an element of technical debt with systems that were never designed to operate with new cyberthreats in mind.

Lastly, there is a temptation for companies to use the authentication and security services they have in IT for their OT environment. For example, using the corporate Active Directory to manage the account authentication and authorisation for OT users. This is a really bad idea. The two areas should be segmented to prevent a breach from crossing from one environment to the other, resulting in a much larger impact.

Q7: What are the next steps for organizations? Should they start mapping NIS2 to more familiar frameworks? What will a gap analysis likely show against the new regulations?

This really depends on the Governance, Risk & Compliance (GRC) team within the company. They should be able to digest the new requirements and see where their existing controls are sufficient and where there are gaps. You must consider also that independent auditors will ensure that all controls are in place and satisfy the requirements. If not, they will enforce plans and penalty-driven timelines to ensure compliance.

To assist with this, NIS2 encourages “the use of European and international standards and technical specifications relevant to the security of network and information systems”, for example ISO27001.

The basics (endpoint security, EDR, antivirus etc.) should already have been covered for NIS or other required security frameworks, but the biggest gap is still phishing. Enforcing least privilege and better identity management will be a key area of focus for most organizations.

Q8: If least privilege is the answer, why has it not been adopted more widely?

Least privilege has been around for a long time. The problem people find is that it’s easy to say, but difficult to do—especially on endpoints, servers, and desktops—because people sometimes do need a certain amount of privilege to do their job. By taking that away, you’re preventing them from actually being productive.

When companies are measured in response times, SLAs, and how quickly they get things fixed, and when having applications go down can cost the company millions per day, security sometimes takes a backseat. Then it’s only when they’ve had a breach, or when they think they’re going to have a breach, that they start thinking about it. So, least privilege is difficult from that standpoint. It should be as simple as having the tools in place that allow people to still do their work, with policies that allow them to do what they need to do, but securely.

Q9: What are the specific challenges of incorporating third parties into your security strategy?

Third parties can be seen as the weakest link in the cyber defence chain. Every company relies on third parties to support their Tier 1 business services, but the security of the company as a whole is only as good as the security of the worst third-party company.

This threat is old: one of the first documented cyberattacks occurred on the US hypermarket, Target, in 2013. The attack was caused by a breached third party when the heating and air conditioning support company Target used was breached. The company had VPN access into Target’s stores to monitor and patch the air conditioning systems, but during the recon phase, the threat actors also gained access to Point-of-Sale registers. They installed credit card skimming software and stole credit card details from approximately 40 million customers, eventually costing Target USD 420 million.

With the updates in NIS2, incorporating third parties into your security strategy is now paramount. Companies must impose a minimal cybersecurity maturity level on their suppliers and will be responsible for assessing that supplier, not the National Authorities.

Q10: How does technology add to the vendor privileged access management (VPAM) challenge?

Controlling third party access to internal systems is a critical function of supply chain security. However, current technology used by many companies for providing remote access is outdated and doesn’t provide the necessary controls for giving third parties access securely.

VPNs are susceptible to vulnerabilities – just search any CVE database to see. Travelex forgot to patch its VPN in 2020 and was hacked via CVE-2019-11510. The attack cost the company $2.3 million in ransom paid to the hackers, and eventually the company was forced into administration.

As another example of where VPAM is needed, in February of 2022, Toyota shut down 14 manufacturing plants at a cost of about $375 million because of a cyberattack on Kojima Industries, a key supplier. Kojima Industries is a small company and is little-known outside Japan, where it produces cup holders, USB sockets, and door pockets for car interiors. However, its modest role in the automotive supply chain is a critical one, and when the company was hacked, it brought Toyota’s entire production line to a stop. Even after the initial crisis was over, it took months for Kojima to get operations back to normal.

Q11: What’s the best solution for managing vendors and third-party users?

Managing third-party vendors is a combination of policy, process, and technology. Providing any one without the others is pointless.

Managing vendor users is always a difficult problem. Where do you create their accounts? How do you know if someone who left has passed their credentials off to their replacement, or even to several people who are now accessing your infrastructure? Modern solutions allow vendors to manage their own remote access account with the necessary controls in place.

Modern administrative and third-party vendor access solutions should provide clientless access with flexible authentication methods, approval workflows, just-in-time access windows, and visibility and auditing. The latter is important not only for security, but also to ensure vendors are adhering to the agreed contract and process. Additionally, integrating with change procedures and using the change number as an additional verification would be useful.

Optimism bias is a tendency to overestimate the likelihood that good things will happen to us while underestimating the probability that negative events will impact our lives. This can affect businesses when company leaders believe they will never be targeted by threat actors.

Mitigating a risk to a lower level of risk so that it can be accepted is good risk management—as long as the mitigation isn’t a temporary fix. But this is an old argument that predates some of the significant attacks on OT/IT environments, and regulatory fines are only part of the cost.

For example, the 2021 Colonial Pipeline ransomware attack cost the company $4.4 billion to pay the threat actors, Darkside. But it also caused a six-day shutdown of fuel supply, which affected airports and fuel stations to such a degree that a State of Emergency was declared. The interesting fact about this attack is that it didn’t directly affect the OT equipment. It shut down the billing infrastructure of the company, but because the extent of the breach was unknown, production was shut down as a precaution.

While this attack is undeniably focused on the US, it serves as an illustration that a breach can result in financial expenses in paying hackers. Moreover, the reputational harm inflicted on both the company and individuals involved can be equally expensive. If this had happened in the EU, there would have been the additional expense of the fines imposed by NIS2.

In addition to financial and reputational risks, under NIS2, individual C-Level executives responsible for the Risk and Governance of their infrastructure face accountability and potential removal from their positions—a risk they might not be willing to accept.

Next steps: achieve NIS2 compliance and secure your identity perimeter with BeyondTrust

BeyondTrust’s innovative solutions are tailored specifically to meet the challenges of securing OT environments and to help organizations secure their identity perimeters. Contact us today to learn more from an expert, and click here to download our whitepaper on how to address the NIS2 directive with Privileged Access Management.

Source: BeyondTrust

27 Apr

The security concept known as “Privilege Creep” occurs when an individual accumulates access rights over time, retaining entry to systems and data beyond the completion of a specific task or the need for such access. This gradual accumulation of unnecessary privileges within an organization not only complicates the management of access rights but also magnifies the potential for security breaches, data theft and misuse of information. As privileges amass unchecked, the attack surface widens, offering malicious actors more opportunities to exploit vulnerabilities that could lead to a breach. Addressing this issue requires diligent access management and adherence to the principle of least privilege, ensuring individuals have access only to the resources necessary for their current roles and responsibilities.

Mitigating Privilege Creep is critical to enhancing an organization’s cyber security posture, but it’s historically been difficult to quickly and securely revoke access rights once they have been granted… until now.

Keeper is excited to announce Time-Limited Access and Self-Destructing Records for encrypted, time-bound access and credential sharing in the Keeper platform.

Time-Limited Access

Time-Limited Access enables users to share a record or folder with another Keeper user for a designated period of time. Upon expiration, the recipient will have their access automatically revoked without requiring the sending party to take any action. Time-Limited Access can be applied to thousands of common scenarios from sharing the WiFi password with a visiting guest to admins sharing the login details for a database.

Time-Limited Access solves the long-term struggle many organizations have around elevated access. Users often need to be granted temporary or short-term privileges that go beyond their standard access levels. Organizations can maintain least privilege by only allowing elevated access for the set duration of time and only to perform the tasks required, eliminating the need to create power users with access outside of the scope of their projects.

Combining Time-Limited Access with Keeper Secrets Manager (KSM) provides privileged users with powerful sharing functionality. When paired with KSM’s automatic service account rotation capabilities, users can schedule rotation of the shared credential upon the expiration of access, ensuring the recipient never has standing privilege.

Self-Destructing Records

Self-Destructing Records take this concept one step further by allowing users to create a record and send a one-time share that will delete itself from the sender’s vault after the recipient opens the shared record.

This happens after a designated period of time or once the recipient has viewed the record for five minutes, whichever comes first.

A typical scenario is employee onboarding, when IT needs to share login credentials with a new staff member. IT can share the record containing those credentials and upon receipt, the original record will self-destruct, eliminating the risk associated with long standing access to the employee’s login information.

With Self-Destructing Records, the information can be accessed securely and is automatically deleted, ensuring it doesn’t linger or become accessible beyond its intended purpose. This record’s unique trait of being viewable on only one device further tightens security, preventing unauthorized distribution or viewing on multiple devices.


These access and sharing updates are available for both consumer and business users. Administrators can enable or disable these features in the ‘Creating and Sharing’ section of role settings in the Admin Console for business and enterprise organizations. Administrators with Keeper Advanced Reporting and Alerts Module (ARAM) are also able to receive ARAM events for when a timer is added to a record, and when the timer and share expire.

Easy-to-Use, Encrypted Access for All

Time-Limited Access brings several key benefits to users and administrators:

    • Revoked access at a time decided by the record owner, eliminating chasing down who has access and removing it at a later time
    • Enhances security as traditional short term sharing has been done in insecure ways like writing down passwords or sending them via email and messaging
    • Simplified compliance with event recordings and assurance that least privilege access is maintained

Self-Destructing Records enables its own set of benefits including:

    • Ensuring encryption and security, without filling the sender’s vault with credentials they don’t need to retain
    • Assurance that the recipient is the only receiver of the shared credential

Secure and Streamline Credential Sharing with Keeper

Time-Limited Access and Self-Destructing Records are just the latest in Keeper’s ongoing efforts to enhance Privileged Access Management (PAM) capabilities for all users. By limiting the amount of time users have access to records, organizations simplify compliance and end-users can rest easy knowing their records are shared securely.

Using Time-Limited Access and Self-Destructing Records is very simple. To learn how, please refer to the product release notes.

To see Time-Limited Access and Self-Destructing Records in action, schedule a demo today.

Source: Keeper

24 Apr

Keeper Security is pleased to announce that passphrases are now supported in the Keeper Vault. Passphrases provide a highly secure yet easy-to-remember approach to logins for all users, and can be both generated and stored with Keeper.

Keeper’s passphrase generator is a new option within its existing password generator. Users and admins can choose which generator they would like to use or enforce for their organization. Keeper’s passphrase generator uses the Electronic Frontier Foundation’s recommended wordlist, sanitized to remove any offensive words. Currently, only English words are used by the passphrase generator.

In addition to passphrases, character-specific policies for symbols are now included with Keeper’s existing password generator. For example, users generating a password for a site that doesn’t include certain characters such as ^, ? or + can choose to remove those symbols from their passwords.

How to Use Passphrases in Keeper

The experience of generating and saving a passphrase is nearly identical to the current way to generate and save a password in Keeper, ensuring the same ease of use.

From the Keeper Vault, select Create New and select Record.


Users are prompted to choose their record type and title the record, then select Next. This brings up the record detail menu. To generate a passphrase, click on the dice icon.

This opens the Password Generator where users will see a new drop-down menu option. Click on the drop-down menu and select Passphrase.

Once opened, users can customize their passphrase complexity. Just like passwords, the more complex a passphrase is, the more secure it is. Passphrases in Keeper support up to 20 words.

Selecting Capitals will capitalize the first letter of each word, while choosing Numbers adds a single digit (0-9) to the beginning or the end of some of the words.

Each word requires a separator. By default, Keeper uses “” but users can change their default to any of the other options that include “.”, “_”, “!”, “?” or a space by toggling the “Use as default settings” box. Users have the option to include multiple different separators.

After generating a passphrase, the user will select Use Passphrase and be returned to the record detail menu to save the record.

Click Save and the record with the randomized passphrase will be added to your Keeper Vault.
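The generator options described above (word count, Capitals, Numbers, one or more separators) and the entropy arithmetic behind “the more complex a passphrase is, the more secure it is”, as an added Python example. This is not Keeper’s code: the small wordlist is constructed for illustration, the rule for which words receive a digit and the hyphen default separator are assumptions, and the entropy figure counts only the word choices (the EFF large wordlist has 7776 entries, so each word contributes just under 13 bits).

```python
import math
import random
import secrets
from typing import Optional, Sequence

# Constructed sample wordlist (illustration only). The EFF large wordlist that the
# post refers to has 7776 entries, one per five-dice roll; it is not embedded here.
SAMPLE_WORDLIST = (
    "acorn", "badge", "cabin", "dairy", "eagle", "fable", "gable", "habit",
    "ivory", "jelly", "kayak", "lemon", "mango", "noble", "oasis", "panda",
    "quilt", "radar", "salad", "tulip", "umpire", "vivid", "wagon", "xenon",
    "yacht", "zebra", "anchor", "bishop", "candle", "dragon", "ember", "falcon",
)
EFF_LARGE_WORDLIST_SIZE = 7776  # 6**5

# Separators the post lists; the default is not recoverable from the text,
# so a hyphen is assumed for this example.
SEPARATORS = ("-", ".", "_", "!", "?", " ")
MAX_WORDS = 20  # the post states Keeper supports up to 20 words


def passphrase_entropy_bits(wordlist_size: int, word_count: int) -> float:
    """Conservative entropy estimate that counts only the word choices.

    Capitalisation, digit placement and separator choice add a little more, but
    an attacker who knows the generator's options is what this bound assumes.
    """
    if wordlist_size < 2 or word_count < 1:
        raise ValueError("need at least two list words and one phrase word")
    return word_count * math.log2(wordlist_size)


def generate_passphrase(
    words: Sequence[str],
    word_count: int = 5,
    separators: Sequence[str] = ("-",),
    capitals: bool = False,
    numbers: bool = False,
    seed: Optional[int] = None,
) -> str:
    """Build a passphrase from `words` with the options the post describes.

    `seed` exists only for reproducible tests; leave it None in real use so the
    OS CSPRNG (secrets.SystemRandom) is used.
    """
    if not 1 <= word_count <= MAX_WORDS:
        raise ValueError(f"word_count must be between 1 and {MAX_WORDS}")
    if not separators:
        raise ValueError("at least one separator must be allowed")
    rng = random.Random(seed) if seed is not None else secrets.SystemRandom()

    chosen = [rng.choice(words) for _ in range(word_count)]
    if capitals:
        chosen = [w.capitalize() for w in chosen]
    if numbers:
        # "a single digit (0-9) to the beginning or the end of some of the words":
        # assumption: each word independently gets a digit with probability 1/2.
        for i, w in enumerate(chosen):
            if rng.random() < 0.5:
                digit = str(rng.randrange(10))
                chosen[i] = digit + w if rng.random() < 0.5 else w + digit

    # Each gap draws its own separator from the allowed set, so several different
    # separators can appear in one passphrase, as the post describes.
    out = [chosen[0]]
    for w in chosen[1:]:
        out.append(rng.choice(separators))
        out.append(w)
    return "".join(out)


def split_passphrase(passphrase: str, separators: Sequence[str] = SEPARATORS) -> list:
    """Split a generated passphrase back into its words with any added digits
    stripped, so it can be checked against a wordlist or have its words counted."""
    parts, current = [], ""
    for ch in passphrase:
        if ch in separators:
            parts.append(current)
            current = ""
        else:
            current += ch
    parts.append(current)
    return [p.strip("0123456789") for p in parts]


if __name__ == "__main__":
    phrase = generate_passphrase(SAMPLE_WORDLIST, 6, separators=("-", "."),
                                 capitals=True, numbers=True)
    print(phrase)
    print(f"{passphrase_entropy_bits(len(SAMPLE_WORDLIST), 6):.1f} bits from the toy list, "
          f"{passphrase_entropy_bits(EFF_LARGE_WORDLIST_SIZE, 6):.1f} bits from the full EFF list")
```

With the full 7776-word list, six words give about 77.5 bits before any capitals or digits are counted, which is why the word count, not the separator choice, is the setting that matters when an administrator sets role policy.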

How to Enable the Passphrase Generator for Administrators

Keeper Administrators looking to enable passphrases for their organization can toggle the ability to leverage passphrases on or off.

Administrators will need to navigate to Record Passwords in the Roles section of the Admin Console and select Passphrase Generator. From this screen, simply toggle Allow Passphrase Generator on or off to select your preferred role policy. Administrators looking to enable passphrases must select at least one of the available separators.

If the Passphrase Generator is disabled, the section will not be interactive in the Admin Console and end users will not have the Passphrase Generator option in their Keeper Vault.

If Keeper Administrators want to only allow passphrases on specific domains, select Domain-Specific Generator. From this tab, click on Add Domain and add the URL of the preferred domains where passphrases will be available for use. After selecting the security rules desired, click Add.

The list of allowed domains will be displayed and administrators can edit them at any point.

Simplify Logins with Keeper

Keeper is driven to continue making its platform easier to use than ever before. Enhancing login types and streamlining the generation of those is key to that approach for both consumers and organizations alike.

To learn more about passphrases and how Keeper is the most secure and easy-to-use password management platform, schedule a demo today.

Source: Keeper

19 Apr

IT asset discovery is a process to find and document assets that are connected to the network. Asset discovery tools provide an automated solution for an accurate inventory of all the hardware and software on the network or environment.

Automate and Manage Your Network Assets with Datto RMM Asset Discovery Tools

As a managed service provider (MSP), you know that managing a client’s networks can be a complicated process. It’s essential to be able to monitor, support, and secure anything that is connected to a network in order to minimize security risks.

However, it’s no longer enough just to know what’s on the network. As an MSP, you need to understand the relationships between the devices and services that keep your customers up and running.

Datto RMM’s built-in asset discovery and management tool offers real-time visibility of every asset connected to a network. The tool is able to locate every asset including those not already under your management in Datto RMM.

Datto RMM provides:

  • Insightful discovery.
    Instantly view all discovered devices on the network, where they are located, and their current status.
  • Faster troubleshooting.
    View essential network information at a glance, with open alerts represented on devices and the impact they have on each other. Technicians can quickly navigate to any device, gather critical information, and set up a remote connection with a single click.
  • Mitigation of potential issues.
    Technicians don’t just see the endpoints in isolation. Datto RMM’s Network Topology maps illustrate the relationships between all devices on the network, allowing you to gauge the impact of a change before it’s made.


Datto RMM helps MSPs manage the complexity, costs, and risks associated with supporting your client endpoints. Whether managing a single endpoint or hundreds of thousands of endpoints, Datto RMM helps MSPs keep their supported estate secured, patched, stable, and functioning.

Request a Demo of Datto RMM Today.

What are the benefits of using asset discovery tools?

The use of spreadsheets to track devices and software in a complex network is no longer an option. The use of automated IT Asset management provides the MSP with a solution to:

  • Reduce costs: Prepare information remotely, automate and identify what is not being managed, simplify monitoring and managing for recurring processes, and assess future requirements.
  • Mitigate risk: Quickly identify what’s not being managed and where potential risks lie
  • Manage devices: Understand compliance status of managed devices, and uncover previously missed opportunities to manage new devices

How to get started with RMM Asset Discovery

Datto RMM will obtain the following information from devices on the network including routers, switches, and IoT devices:

  • Operating system
  • Manufacturer
  • Hostname
  • Device type
  • IP addresses
  • MAC addresses
  • Used uplink port
  • Relationships between the device and the networking infrastructure
  • Whether the device is being managed by Datto RMM and open alerts

Datto RMM’s IT asset discovery tool empowers managed service providers’ ability to continuously discover and identify every device on the network – not just those managed with Datto RMM – generating a visual layout of the network to show how devices are connected to each other, and quickly identifying where issues are on the network.

Which systems does Datto RMM support?

Datto RMM supports systems running on:

  • Windows:
    • Windows 7 SP1 with Windows Updates KB2999226 and KB2533623 installed
    • Windows Server 2008 R2 SP1 with Windows Updates KB2999226 and KB2533623 installed
    • Windows 8.1 with Windows Update KB2999226 installed
    • Windows Server 2012 R2 with Windows Update KB2999226 installed
    • Windows 10 with .NET Core 3.1
    • Windows Server 2016 with .NET Core 3.1
    • Windows Server 2019 with .NET Core 3.1
  • Linux with .NET Core 3.1
  • macOS with .NET Core 3.1

To learn more about Datto RMM, please visit www.datto.com/products/rmm.

Source: Datto

16

Apr

Sophos has been recognized for enabling MSPs to effectively defend customers against today’s complex cyberattacks.
We’re thrilled to announce that Sophos has been named “Best Managed Service Provider (MSP) Solution” by IT security testing firm, SE Labs.

As a channel-first, channel-best company, the award validates our commitment to helping MSPs deliver superior cybersecurity outcomes for our customers amid constantly evolving threats.

Scott Tyson (L), Sophos Director of Channel Sales – MSP EMEA, and Rob Harrison (R), Sophos SVP of Product Management – SecOps and Endpoint Security

SE Labs assesses security vendors based on a combination of continual public testing, private assessments, and feedback from corporate clients. The first-of-its-kind Best MSP Solution award recognizes the critical role MSPs play as the first line of defense for small- and medium-sized businesses (SMBs) against data breaches, ransomware and other debilitating cyberattacks.

“SE Labs Annual Security Awards 2024 acknowledge industry leaders for their best-in-class products and services. Following our conversations within the community and rigorous testing, we created a shortlist of exceptional companies that support their partners. We are thrilled to award Sophos Best MSP Solution, for keeping their MSP and partner community armed with innovative security solutions and intelligence that protect their customers in the ever-evolving threat landscape,” said Simon Edwards, CEO at SE Labs.

To better protect their businesses and customers, MSPs are prioritizing vendors that can help them understand how attackers operate while providing advanced security solutions that adapt as adversaries change their tactics, techniques, and procedures.

“MSPs need a vendor that understands their business model and practices. Since Sophos works exclusively with the channel, we know how to best partner with MSPs, from an operational standpoint to providing scalable, innovative security products and services that can defend their customers from inevitable cyberattacks,” said Simon Reed, chief research and scientific officer at Sophos.

Sophos defends more than 300,000 organizations worldwide against advanced attacks, with anti-ransomware, anti-exploitation, behavioral analysis, and other innovative technologies.

Sophos products are managed in the cloud-native Sophos Central platform, which is part of the Sophos Adaptive Cybersecurity Ecosystem that collects, correlates, and enriches security data with additional context to enable automatic and synchronized responses to active threats.

Intercept X endpoint technology includes industry-first Adaptive Attack Protection, which automatically disrupts in-progress attacks and dynamically puts “shields up” to give defenders valuable additional time to respond to an intrusion. The Account Health Check capability also identifies security posture drift and misconfigurations, and provides the ability to remediate such issues with one click.

To help further partners’ and MSPs’ awareness of critical industry issues, Sophos provides real-time and historical threat intelligence from the Sophos X-Ops unit, a cross-functional team of more than 500 Sophos cybersecurity experts worldwide. Sophos X-Ops’ intelligence helps partners and MSPs confidently address customers’ questions and concerns about the latest ransomware, vulnerabilities, and attacks circulating in the news.

Source: Sophos

11

Apr

BeyondTrust has joined the AWS ISV Workload Migration Program to help customers accelerate their journey to the cloud. As a result, customers will be able to benefit from reduced migration timelines and costs as they transition their software to the cloud. They will also be able to achieve faster time-to-value as they unlock the performance, speed, agility, and economic benefits of the AWS cloud.

The AWS ISV Workload Migration Program provides BeyondTrust with funding, technical, and go-to-market support to help rapidly migrate customers.

In this blog, I discuss some key customer benefits of migrating their workloads to the cloud, including security enhancements, seamless migration processes, improved performance, and a future-ready digital infrastructure. Read on to learn how, by joining the AWS ISV Workload Migration Program, BeyondTrust is able to accelerate migrations for our customers and provide a seamless migration experience.

How can BeyondTrust and AWS help with your cloud migration and security?

BeyondTrust’s involvement in the AWS ISV Workload Migration Program provides customers with a number of important benefits while transitioning their data and assets to the AWS cloud:

Elevated Security Protocols

Combining BeyondTrust’s sophisticated identity security solutions with the robust security architecture of AWS helps increase security and productivity for businesses who are making the transition to the cloud, fortifying their sensitive data and digital assets against the evolving cyber threats targeting cloud environments. This comprehensive security integration instills trust among stakeholders and empowers enterprises to uphold industry compliance standards with greater confidence.

Workload Migration Enhancements

The AWS WMP supports software providers that have a SaaS offering to deliver workload migrations. This helps BeyondTrust to further simplify the once complex and time-consuming process of moving workloads to the cloud, minimizes disruptions, and ensures a smooth transition of critical applications and data. By simplifying the migration process, enterprises can maintain operational continuity and agility, positioning themselves to adapt swiftly to evolving market demands and seize new business opportunities without unnecessary hurdles.

Enhanced Performance and Cost Optimization

BeyondTrust’s participation in the AWS ISV Workload Migration Program provides businesses undergoing a migration to the AWS Cloud with a number of benefits in terms of performance optimization and cost-efficiency. Leveraging the scalability and flexibility of the AWS infrastructure, businesses can dynamically adjust their operations to meet fluctuating workloads, thereby eliminating the need for substantial capital expenditure on additional resources. Furthermore, by leveraging BeyondTrust’s advanced monitoring and management tools, enterprises can optimize resource utilization and streamline operational processes. This leads to reduced overhead and enhanced efficiency, ultimately contributing to a more sustainable and cost-effective model.

Future-Proofing Digital Infrastructure

BeyondTrust is dedicated to helping organizations secure their digital infrastructures and navigate the complexities (and ever-present cyber threats) of the evolving digital landscape. By joining the AWS ISV Workload Migration Program, we are able to leverage additional support, resources, and expertise to help organizations proactively embrace technological advancements and market disruptions. This proactive approach not only fosters a culture of innovation, but also equips businesses with the resilience and adaptability necessary to capitalize on emerging opportunities and drive sustainable growth in an increasingly competitive business environment, while securing against continuously evolving threats.

Conclusion: How do you ensure a successful cloud migration?

Making the choice to run business workloads in the cloud can be viewed as challenging. Not all workloads are suitable for the cloud, and compliance, security, and other regulatory guidance can add further concerns. Having a way to simplify the transition into the cloud, amplify the benefits of having workloads in the cloud, and provide enhanced security throughout the entire process can make all the difference.

BeyondTrust, together with AWS, will help our customers to simplify and fortify the migration of workloads to the AWS Cloud. With the improved ability to enhance security protocols, streamline migration processes, optimize performance, and future-proof digital infrastructure, we are better equipped to empower our customers as they move towards a more secure, efficient, and agile cloud ecosystem.

Click here for more information about improving the security of your cloud solution with BeyondTrust, or to learn more about our partnership with AWS.

Source: BeyondTrust

9

Apr

You should use a password manager in 2024 because a password manager protects your login credentials and keeps your online data safe. Password managers do more than just protect and store passwords; they also store your passkeys, generate new, strong passwords, and let you store and securely share important documents such as medical records, identification cards, credit cards and more.

Continue reading to learn why using a password manager is important in 2024 and the risks associated with not using one.

What is a password manager?

Password managers create, store and manage passwords, passkeys and other data. People who use password managers only need to remember a single password, known as their master password, to securely access the rest of their passwords. They can also opt to use their biometrics, like Face ID, to sign into their password manager vault seamlessly.

6 reasons why you should use a password manager

There are many reasons to use a password manager in 2024. Here are six of the top reasons.

1. Password-based attacks are the top attack vector in 2024

Last year, cybercriminals made over $1 billion in ransom payments. Ransomware, malware and password-based attacks are on the rise in 2024. Stolen credentials are commonly used by cybercriminals to successfully execute data breaches, according to Verizon’s 2023 Data Breach Investigations Report. In fact, 74% of breaches involve the use of stolen credentials. Cybercriminals often purchase these stolen credentials on the dark web and use them to access personal and work accounts. Since many people use the same password across multiple websites, applications and systems, if a single password is compromised, all of your accounts that use the same password are also at risk of being compromised.

The best way to protect yourself and your organization from password-based attacks is by using a password manager. A password manager with dark web monitoring capabilities helps you ensure each of your passwords is strong and unique. It’ll also notify you in real time if any of your credentials are found on the dark web so you can take action immediately by changing your passwords.

2. Reduces password fatigue

The average person has about 100 online accounts, including financial, social media, work and school accounts. That means people are expected to remember over 100 unique passwords. This often leads to people using the same password, or a variation of it, across multiple accounts, ultimately putting their accounts at higher risk of being compromised. Password managers generate strong and unique passwords for online accounts and store them securely in an encrypted digital vault. The only password users have to remember is a master password to access their login credentials and other sensitive data – significantly reducing password fatigue.

3. Helps you generate strong and unique passwords

Password managers have a built-in password generator that can instantly create strong and unique passwords. By using a password manager’s autofill function, users can create passwords for their accounts without having to come up with them on their own. This ensures that each of their accounts is always secured with a strong password that can’t be easily compromised by a cybercriminal.

4. Protects you from phishing scams

Many phishing scam emails and text messages are created to lead unsuspecting victims to phishing websites designed to steal login credentials, credit card details and more. Some phishing websites can be difficult for the average person to spot. Password managers can easily spot phishing websites due to their autofill capabilities. A password manager with an autofill function will only autofill your credentials if the website’s URL matches the one you have stored in your password manager’s vault. If the password manager doesn’t autofill your credentials, this is an immediate red flag that the site you’re on is not legitimate and likely malicious.
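To make the URL-matching rule concrete, here is an added Python illustration of the principle (not Keeper’s own code, and not a description of how any particular product implements its matching). The vault records, hostnames and the `records_to_autofill` function are constructed for this example. It requires HTTPS and an exact or subdomain host match, so a look-alike domain, a plaintext downgrade, or a URL that shows a trusted name before an `@` gets no autofill:

```python
import os
from urllib.parse import urlsplit

# Constructed vault records for the example (no real sites or credentials).
VAULT = [
    {"title": "Example Bank", "url": "https://login.example-bank.test/signin", "username": "alice"},
    {"title": "Example Mail", "url": "https://mail.example.test/", "username": "alice@example.test"},
]


def origin_of(url):
    """Return (scheme, hostname), lower-cased, or None if the URL lacks either.
    urlsplit().hostname drops any user:pass@ prefix, so a URL crafted to show a
    trusted name before the '@' still resolves to the host after it."""
    parts = urlsplit(url)
    if not parts.scheme or not parts.hostname:
        return None
    return parts.scheme.lower(), parts.hostname.lower()


def same_site(stored_host, page_host):
    """True when page_host is the stored host or a subdomain of it.
    Matching on the label boundary ('.' + stored_host) stops a look-alike such as
    login.example-bank.test.attacker.test from matching login.example-bank.test."""
    return page_host == stored_host or page_host.endswith("." + stored_host)


def records_to_autofill(vault, page_url):
    """Return the vault records eligible for autofill on page_url.
    Policy (assumed for this example): the page must be served over https, and its
    host must be the stored host or a subdomain of it. Any other page gets an
    empty list, which is the 'no autofill' red flag the text describes."""
    page = origin_of(page_url)
    if page is None or page[0] != "https":
        return []
    matches = []
    for rec in vault:
        stored = origin_of(rec["url"])
        if stored is not None and same_site(stored[1], page[1]):
            matches.append(rec)
    return matches


if __name__ == "__main__":
    for url in ("https://login.example-bank.test/signin",
                "https://login.example-bank.test.attacker.test/signin",
                "http://login.example-bank.test/signin"):
        print(url, "->", [r["title"] for r in records_to_autofill(VAULT, url)])
```

Real products differ in the details (whether subdomains match, whether a port must match, how saved HTTP records are treated), but the defensive property is the same: the decision is made on the parsed host, never on how the address looks to a human. Note the flip side: a record saved with a mistyped URL will also never fill, which is worth checking before treating a missing autofill as proof of phishing.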

5. Enables you to securely share passwords, passkeys and more

Insecurely sharing any sensitive information through email or text message can place your accounts and your identity at risk of being compromised. It’s important that when you’re choosing to share private documents or passwords, you do it in a way that is secure and allows you to manage access to them. Password managers like Keeper do just that. With Keeper Password Manager users can share stored data through vault-to-vault sharing or the One-Time Share feature.

Vault-to-vault sharing allows you to share access to a record with other people who use Keeper. Before sharing you can choose how much access you want the recipient to have, such as View Only, Can Edit, Can Share and Can Edit & Share. You can also revoke access to the record at any time. One-Time Share allows you to share records with anyone on a time-limited basis, even if they’re not a Keeper user themselves.

6. Works across multiple browsers and devices

There are three main types of password managers: password managers that come built into your devices like iCloud Keychain, browser password managers like the one that comes with Chrome and standalone password managers like Keeper. One of the biggest limitations of both iCloud Keychain and browser password managers is that they can’t be accessed from everywhere. For example, you can’t access your iCloud Keychain data from a Windows computer and you can’t access your Chrome data from another browser like Safari.

This limitation can cause frustration, especially when you want to sign in to one of your accounts from a different browser or device. Standalone password managers, on the other hand, allow you to access your stored data from anywhere, no matter what device or browser you’re using.

What are the risks of not using a password manager?

Here are a few of the risks associated with not using a password manager.

Password reuse

Many people tend to use the same password or variations of the same password for multiple accounts. This is typically because people can’t remember unique passwords for every single account. This is a major risk because if just one reused password is compromised, it places every account that uses the same password at risk of also becoming compromised.

Weak password creation

Creating passwords that are considered strong is difficult to do on your own. Strong passwords have to be at least 16 characters and contain uppercase and lowercase letters, numbers and symbols. However, these strong passwords are difficult for people to remember, so most people choose to create passwords that are weak but easy to remember.

Using weak passwords for accounts is dangerous because it increases the likelihood of an unauthorized user being able to guess or crack that password successfully.

Multiple password resets

When people forget their password, their first option is to reset it. While resetting your password once won’t hurt you, resetting your password multiple times can. The more times you need to reset your passwords, the more likely you are to use weak passwords or begin reusing passwords. This is especially true if you don’t use a password manager to help you create and store them.

Insecure password sharing

Password sharing isn’t uncommon. People share their login credentials with friends and family for streaming accounts like Spotify, Hulu and Prime Video. When sharing passwords, a lot of people choose to share them using insecure methods like text messages and emails. These sharing methods are dangerous because they’re not encrypted, which means anyone can intercept them. Additionally, by sharing your passwords insecurely you have no visibility into who you’ve shared your password with. This makes it extremely difficult to properly manage your accounts and who has access to them.

Keep your most important data secure with a password manager

Password managers are amazing tools to invest in to keep your online data safe from cyber threats and criminals. Aside from protecting your information, they also make your online experience a whole lot easier with their autofill capabilities.

To see how a password manager can help you secure your data and streamline your online experience, start a free 30-day trial of Keeper Password Manager today.

Source: Keeper

5

Apr

Sophos Managed Risk combines vulnerability management technology from Tenable with Sophos’ threat expertise as a fully managed service.

Exploited unpatched vulnerabilities are the leading root cause of successful attacks, as reported in Sophos’ 2024 Ransomware Report.

The modern attack surface has expanded beyond traditional on-premises IT boundaries, with organizations frequently operating unknown numbers of external and internet-facing assets that are unpatched or underprotected, leaving them vulnerable to cyberattackers.

Given this pressing need, we are excited to introduce Sophos Managed Risk, powered by Tenable. This new service enables organizations to find and eliminate blind spots and stay ahead of potential attacks by clearly understanding and prioritizing the highest risk exposures, with expert guidance from Sophos’ dedicated team.

Sophos Managed Risk delivers:

  • Attack surface visibility
    The modern attack surface continues to grow beyond the borders of traditional IT, and most organizations now have internet-facing assets they don’t realize they own, providing easy targets for threat actors. Sophos Managed Risk discovers the organization’s internet-facing assets and analyzes their external attack surface.
  • Continuous monitoring
    In-house IT and security teams may lack the deep knowledge and experience of the exploitation landscape needed to fully understand the security posture of their organization’s attack surface. Sophos Managed Risk provides expert guidance and helps set remediation priorities.
  • Risk-based vulnerability prioritization
    New vulnerabilities are discovered faster than most organizations can fix them. Understanding which ones are relevant and in which order to patch them is a significant challenge. Sophos Managed Risk identifies and prioritizes exposures using extensive vulnerability coverage and risk-based prioritization technology from Tenable.
  • Proactive notification of high-risk exposures
    Attackers look for weaknesses in the environment long before organizations know they’re there. Identifying high-risk exposures quickly is crucial. Sophos Managed Risk provides proactive notification when new critical vulnerabilities are discovered that affect the organization’s assets.


“One of the biggest challenges organizations face when improving their security posture is prioritizing what to handle first. This type of guidance helps solve that issue and reduces the workload for security teams tasked with tackling vulnerability and exposure management,” said Craig Robinson, research vice president of Security Services, IDC. “Solutions such as Sophos Managed Risk can be a differentiator by enabling overwhelmed teams to take a more holistic approach to continuous monitoring and threat management.”

The Sophos-Tenable Alliance

Sophos Managed Risk combines industry-leading technology from Tenable with threat expertise from Sophos, delivered as a proactive attack surface management service. This unique partnership brings together two highly respected cybersecurity market leaders to deliver superior security outcomes for customers and partners.

“Sophos and Tenable are two industry security leaders coming together to address urgent, pervasive security challenges that organizations continuously struggle to control. We can now help organizations identify and prioritize the remediation of vulnerabilities in external assets, devices and software that are often overlooked. It is critical that organizations manage these exposure risks, because unattended, they only lead to more costly and time-consuming issues and are often the root causes of significant breaches,” said Rob Harrison, senior vice president for endpoint and security operations product management at Sophos. “We know from Sophos’ worldwide survey data that 32% of ransomware attacks start with an unpatched vulnerability and that these attacks are the most expensive to remediate. The ideal security layers to prevent these issues include an active approach to improving security postures by minimizing the chances of a breach with Sophos Managed Risk, Sophos Endpoint, and 24×7 Sophos MDR coverage.”

“While the latest zero day may dominate the headlines, the biggest threat to organizations, by a large margin, is still known vulnerabilities – or vulnerabilities for which patches are readily available,” said Greg Goetz, vice president of global strategic partners and MSSP, Tenable. “A winning approach includes risk-based prioritization with context-driven analytics to proactively address exposures before they become a problem. Sophos Managed Risk, powered by the Tenable One Exposure Management Platform, delivers outsourced preventive risk management, enabling organizations to anticipate attacks and reduce cyber risk.”

Collaborates with the world’s most trusted MDR service

Sophos Managed Risk is available as an extended service with Sophos MDR, which already protects more than 21,000 organizations globally. The dedicated Sophos Managed Risk team is Tenable-certified and works closely with Sophos MDR to share essential information about zero-days, known vulnerabilities and exposure risks to assess and investigate possibly exploited environments. Organizations benefit through regular interaction, including scheduled meetings with Sophos experts to review recent discoveries, insights into the current threat landscape, and recommendations for remediation and prioritizing actions.

For example, when Sophos discovers a new high-risk zero-day vulnerability that could leave an organization exposed, Sophos Managed Risk scans their assets for the possibility of an exploit and proactively notifies the customer. Organizations can connect with the Sophos Managed Risk team and conveniently manage vulnerability escalation cases alongside MDR investigations in one unified Sophos console.

Available soon

With Sophos Managed Risk experts providing insights into attack surface vulnerabilities, organizations of all sizes can reduce cyber risk, accelerate their patching programs, and improve insurability. The new service will be available at the end of April 2024.

To learn more about Sophos Managed Risk and how it can support you, visit our website or speak with a security expert today.

Source: Sophos

2

Apr

Ransomware attacks have all but dominated news headlines in recent weeks. Managed service providers (MSPs) know the risks of ransomware and how important it is to have a plan in place to respond to an attack when they have an impacted client. There are many different factors to consider, but it’s best practice to have a strategy for detection, prevention, and response. We put together a comprehensive infographic on the journey of ransomware and how MSPs can prepare their clients – here’s a preview.

How can MSPs prevent ransomware attacks?

The reality is, there is no foolproof way to prevent a ransomware attack. Even the most protected and prepared businesses can fall victim to ransomware. However, MSPs can take steps to lower the chances of their SMB clients falling victim to an attack.

  • Arm clients with antivirus. These tools have been around a long time but are still critical in a ransomware prevention strategy.
  • Automate patch management. When software providers identify bugs, they publish that info and offer a patch. With automated patching, businesses are less susceptible to being exploited by bad actors looking to capitalize on those bugs.
  • Implement tools with ransomware detection capabilities. Often, ransomware attacks can infiltrate a business’s systems, going undetected. One way to drastically improve ransomware prevention is to have tools that identify it before it spreads across a network.

The Journey of Crypto-Ransomware: Detection, Response, and Prevention


In this infographic, we break down how ransomware is spread and share tips to help businesses establish plans to prevent, detect, and respond to ransomware attacks.

View the infographic

Detecting a ransomware attack

Ransomware attacks can go undetected, but there are ways to identify if a hacker may have impacted your client. Be sure your clients notify you if they see unusual changes to file names, lockout screens, or a pop-up with a ransom note.

Responding to a ransomware attack

If a ransomware attack is detected, it’s important to respond as quickly as possible. First, scan networks to confirm that an attack is underway, and once identified, isolate the infected computer(s) immediately. Immediately secure backup data or systems by taking them offline and ensure backups are free of malware. These are the immediate steps to take when alerted of an attack. From here, MSPs should focus on ensuring hackers can’t get back in.

These are just a few ways to prepare for a ransomware attack and are certainly not a comprehensive list. To learn more about how MSPs can help prevent their SMB clients from falling victim to a ransomware attack, take a look at our infographic, The Journey of Crypto-Ransomware: Detection, Response, and Prevention.

Source: Datto

29

Mar

Insights into the financial and operational implications of having backups compromised in a ransomware attack.

There are two main ways to recover encrypted data in a ransomware attack: restoring from backups and paying the ransom. Compromising an organization’s backups enables adversaries to restrict their victim’s ability to recover encrypted data and dial up the pressure to pay the ransom.

This analysis explores the impact of backup compromise on the business and operational outcomes of a ransomware attack. It also shines a light on the frequency of successful backup compromise across a range of industries.

The findings are based on a vendor-agnostic survey commissioned by Sophos of 2,974 IT/cybersecurity professionals whose organizations had been hit by ransomware in the last year. Conducted by independent research agency Vanson Bourne in early 2024, the study reflects respondents’ experiences over the previous 12 months.

Executive summary

The analysis makes clear that financial and operational implications of having backups compromised in a ransomware attack are immense. When attackers succeed in compromising backups, an organization is almost twice as likely to pay the ransom and incurs an overall recovery bill that is eight times higher than for those whose backups are not impacted.

Detecting and stopping malicious actors before your backups are compromised enables you to considerably reduce the impact of a ransomware attack on your organization. Investing in preventing backup compromise both elevates your ransomware resilience and lowers the overall Total Cost of Ownership (TCO) of cybersecurity.

Download the report PDF

Learning 1: Ransomware actors almost always attempt to compromise your backups

94% of organizations hit by ransomware in the past year said that the cybercriminals attempted to compromise their backups during the attack. This rose to 99% in both state and local government, and the media, leisure and entertainment sector. The lowest rate of attempted compromise was reported by distribution and transport; however, even here more than eight in ten (82%) organizations hit by ransomware said the attackers tried to access their backups.

Learning 2: Backup compromise success rate varies greatly by industry

Across all sectors, 57% of backup compromise attempts were successful, meaning that adversaries were able to impact the ransomware recovery operations of over half of their victims. Interestingly, the analysis revealed considerable variation in adversary success rate by sector:

  • Attackers were most likely to successfully compromise their victims’ backups in the energy, oil/gas, and utilities (79% success rate) and education (71% success rate) sectors
  • Conversely, IT, technology and telecoms (30% success rate) and retail (47% success rate) reported the lowest rates of successful backup compromise

There are several possible reasons behind the differing success rates. It may be that IT, telecoms and technology organizations had stronger backup protection in place to start with, and so were better able to resist the attack. They may also be more effective at detecting and stopping attempted compromise before the attackers could succeed. Conversely, the energy, oil/gas and utilities sector may have experienced a higher percentage of very advanced attacks. Whatever the cause, the impact can be considerable.

Learning 3: Ransom demands and payments double when backups are compromised

Data encryption

Organizations whose backups were compromised were 63% more likely to have their data encrypted than those whose backups were not: 85% of organizations with compromised backups said that the attackers were able to encrypt their data, compared with 52% of those whose backups were not impacted. The higher encryption rate may be indicative of weaker overall cyber resilience, which leaves organizations less able to defend against every stage of the ransomware attack.

Ransom demand

Victims whose backups were compromised received ransom demands that were, on average, more than double that of those whose backups weren’t impacted, with the median ransom demands coming in at $2.3M (backups compromised) and $1M (backups not compromised) respectively. It is likely that adversaries feel that they are in a stronger position if they compromise backups and so are able to demand a higher payment.

Ransom payment rate

Organizations whose backups were compromised were almost twice as likely to pay the ransom to recover encrypted data than those whose backups were not impacted (67% vs. 36%).

Ransom payment amount

The median ransom payment by organizations whose backups were compromised was $2M, almost double that of those whose backups remained intact ($1.062M). They were also less able to negotiate down the ransom payment, with those whose backups were compromised paying, on average, 98% of the sum demanded. Those whose backups weren’t compromised were able to reduce the payment to 82% of the demand.

Learning 4: Ransomware recovery costs are 8X higher when backups are compromised

Not all ransomware attacks result in a ransom being paid. Even when they do, ransom payments are just part of the overall recovery costs when dealing with a ransomware attack. Ransomware-led outages frequently have a considerable impact on day-to-day business transactions while the task of restoring IT systems is often complex and expensive.

The median overall ransomware recovery costs for organizations whose backups were compromised ($3M) came in eight times higher than that of organizations whose backups were not impacted ($375K). There are likely multiple reasons behind this difference, not least the additional work that is typically needed to restore from decrypted data rather than well-prepared backups. It may also be that weaker backup protection is indicative of less robust defenses and greater resulting rebuilding work needed.

Those whose backups were compromised also experienced considerably longer recovery time with just 26% fully recovered within a week compared with 46% of those whose backups were not impacted.

Recommendations

Backups are a key part of a holistic cyber risk reduction strategy. If your backups are accessible online, you should assume that adversaries will find them. Organizations would be wise to:

  • Take regular backups and store copies in multiple locations, keeping at least one copy offline or otherwise unreachable from the production network. Be sure to add MFA (multi-factor authentication) to your cloud backup accounts to help prevent attackers from gaining access.
  • Practice recovering from backups. The more fluent you are in the restoration process, the quicker and easier it will be to recover from an attack.
  • Secure your backups. Monitor for and respond to suspicious activity around your backups as it may be an indicator that adversaries are attempting to compromise them.
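The third recommendation, monitoring for suspicious activity around your backups, can be made concrete. The following is an added example in Python, not code from the Sophos report: it scans process-creation records for the commands ransomware typically runs before encryption to destroy local recovery options (shadow-copy and backup catalog deletion, disabling Windows recovery, stopping backup services). The log format and the log lines are constructed for illustration; the command patterns are the well-known "inhibit system recovery" techniques.

```python
"""Flag backup-tampering commands in process-creation logs.

Added example, not part of the Sophos report. The key="value" log format
and SAMPLE_LOG below are constructed for illustration.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Set

# Detection rules: (name, case-insensitive regex over the command line).
RULES = [
    ("shadow_copy_deletion",
     re.compile(r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete", re.I)),
    ("backup_catalog_deletion",
     re.compile(r"wbadmin(\.exe)?\s+delete\s+(catalog|systemstatebackup)", re.I)),
    ("recovery_disabled",
     re.compile(r"bcdedit(\.exe)?\s+.*(recoveryenabled\s+no|bootstatuspolicy\s+ignoreallfailures)", re.I)),
    ("backup_service_stopped",
     re.compile(r"(net(\.exe)?\s+stop|sc(\.exe)?\s+stop)\s+\S*(backup|veeam|vss)\S*", re.I)),
]


@dataclass
class Alert:
    host: str
    user: str
    rule: str
    command: str


def parse_line(line: str) -> Dict[str, str]:
    """Parse one constructed key="value" process-creation record into a dict."""
    return {m.group(1): m.group(2) for m in re.finditer(r'(\w+)="([^"]*)"', line)}


def detect(lines: List[str]) -> List[Alert]:
    """Return one Alert per (record, rule) match, in log order."""
    alerts = []
    for line in lines:
        rec = parse_line(line)
        cmd = rec.get("cmd", "")
        for name, rx in RULES:
            if rx.search(cmd):
                alerts.append(Alert(rec.get("host", "?"), rec.get("user", "?"), name, cmd))
    return alerts


def summarize(alerts: List[Alert]) -> Dict[str, Set[str]]:
    """Distinct rules hit per host. Several distinct hits on one host within
    minutes is the pre-encryption pattern that should page someone."""
    by_host: Dict[str, Set[str]] = {}
    for a in alerts:
        by_host.setdefault(a.host, set()).add(a.rule)
    return by_host


# Constructed sample: four tampering commands on FS01, then benign activity on WS22.
SAMPLE_LOG = [
    'ts="2024-03-10T02:14:05Z" host="FS01" user="CORP\\svc_backup" cmd="C:\\Windows\\System32\\vssadmin.exe delete shadows /all /quiet"',
    'ts="2024-03-10T02:14:06Z" host="FS01" user="CORP\\svc_backup" cmd="wbadmin delete catalog -quiet"',
    'ts="2024-03-10T02:14:07Z" host="FS01" user="CORP\\svc_backup" cmd="bcdedit /set {default} recoveryenabled No"',
    'ts="2024-03-10T02:15:00Z" host="FS01" user="CORP\\svc_backup" cmd="net stop VeeamBackupSvc /y"',
    'ts="2024-03-10T09:00:00Z" host="WS22" user="CORP\\alice" cmd="vssadmin list shadows"',
    'ts="2024-03-10T09:01:00Z" host="WS22" user="CORP\\alice" cmd="notepad.exe report.txt"',
]

if __name__ == "__main__":
    for host, rules in summarize(detect(SAMPLE_LOG)).items():
        print(f"{host}: {len(rules)} distinct backup-tampering techniques: {sorted(rules)}")
```

In a real deployment the records would come from Windows Security event 4688 or Sysmon event 1 (both carry the full command line), and the "backup service" rule should be extended with the service names of whatever backup product you actually run. Note that "vssadmin list shadows" on WS22 is deliberately not flagged: listing shadow copies is routine administration, deleting them is not.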

How Sophos can help

Sophos MDR: Over 500 experts monitoring and defending your organization

Sophos MDR is a 24/7 expert-led managed detection and response service that specializes in stopping advanced attacks that technology alone cannot prevent. It extends your IT/security team with over 500 specialists who monitor your environment, detecting, investigating, and responding to suspicious activities and alerts.

Sophos MDR analysts leverage telemetry from the security tools you already use – including your backup and recovery solution – to detect and neutralize attacks before damage is done. With an average threat response time of just 38 minutes, Sophos MDR works faster than your next threat.

Sophos XDR: Enabling IT teams to detect and respond to attacks

In-house teams can use Sophos XDR to get the visibility, insights, and tools they need to detect, investigate, and respond to multi-stage threats, across all key attack vectors, in the shortest time. With Sophos XDR you can leverage telemetry from your backup and recovery solution, as well as your wider security stack, to quickly see and respond to attacks.

Source: Sophos

29

Mar

The cloud’s allure of scalability, flexibility and cost-efficiency has spurred a revolution, transforming how organizations operate and manage their data. Enterprises are no longer confined to on-premises data centers; they’re expanding into hybrid and multicloud environments, adopting SaaS applications and supporting mobile workforces. While these advancements fuel innovation and growth, they also generate a complex web of data dispersed across diverse platforms and locations.

At Datto, we understand that this rapidly expanding data footprint is a paramount concern for managed service providers (MSPs) entrusted with safeguarding client workloads and data. With a keen understanding of the MSP landscape and decades of continued innovation in the backup space, we have ensured that both we and our clients stay well ahead of the curve. Datto’s complete, integrated and intelligent backup portfolio helps MSPs like you protect your clients’ data wherever it lives, delivering greater value to your customers and better margins to you.

The recently conducted Backup Product Innovation webinar discussed all the major innovations we recently brought into the Datto Backup portfolio to elevate your MSP game. The webinar delved deep into all the innovations/features, including:

  • Integrated customer billing: This feature automates Datto Backup modules’ consumption reconciliation and billing process, helping you eliminate the complexity and time involved in manual reconciliation. Consumption metrics from all Datto Backup products will be automatically fed to the contracts in Autotask PSA and Kaseya BMS, simplifying the whole process.
  • RMM integration: The backup modules’ integration with Datto RMM makes data protection simpler and more efficient. It allows you to perform backup functions directly from Datto RMM, reducing your clients’ recovery time objective (RTO). This also reduces the time and effort required to onboard clients for various backup modules since all the tools are available in Datto RMM.
  • Hero reports: This feature makes it easy to demonstrate the value of your services to your clients. With Hero reports’ insightful, customizable and intuitive reporting, you can save up to 75% of the technician time spent preparing client reports.
  • 1-click disaster recovery: This feature enables cloning the already configured VMs and network settings during disaster recovery (DR), substantially improving the efficiency of DR and reducing downtime.
  • IT Glue integration with Datto SaaS Protection: IT Glue’s integration with Datto SaaS Protection enables automated documentation of the backup health of Microsoft 365 and Google Workspace from Datto SaaS Protection in IT Glue. This integration not only provides high visibility of backup health across hundreds and thousands of users but also brings to light any unprotected users that require additional protection.

As we navigate the dynamic and ever-evolving landscape of data protection, we recognize that your success is our success. By continuously innovating and offering tailored solutions, we continue to future-proof your MSP business in a world driven by data. We have lined up some exciting features, programs and integrations for the upcoming quarters, too.

Watch the webinar recording here to learn more about all the recent innovations that Datto has brought to the fold. You can also get a demo to see firsthand how Datto can help you comprehensively protect your clients’ data regardless of location.

Source: Datto

22

Mar

Sophos’ market-leading Managed Detection and Response offering continues to go from strength to strength, with over 20,000 organizations worldwide now protected by the service.  

Industry analysts agree. We are delighted to announce that Sophos has been named a Leader by Frost & Sullivan in their 2024 Frost Radar™ report for Global Managed Detection and Response.

According to Frost & Sullivan, Sophos stands out as an MDR leader for:

Flexibility

The report cites Sophos’ expansive integrations with both native and third-party technologies, and also highlights the flexibility of our MDR response modes and subscription tiers.

Support for Microsoft Environments

The evaluation calls out Sophos’ ability to deliver MDR services for Microsoft environments as an advantage, with the expertise to investigate and respond to Microsoft security alerts across endpoint, cloud, and identity sources, among others.

Unlimited Incident Response

Frost & Sullivan highlights a powerful differentiator of Sophos MDR: “To go a step beyond the traditional functionalities and responsibilities of MDR platforms, Sophos delivers unmetered incident response services as part of its core offering”.

Rapid Growth

Acknowledging our success in the market, the report notes that Sophos is “growing faster than average in the already fast-growing MDR market”, thanks to our channel-best approach and thought leadership.

Download the full Frost & Sullivan Report

Continued Industry Recognition

Sophos MDR continues to garner high praise from experts across the industry. In addition to this Frost & Sullivan recognition, Sophos is proud to be:

  • A Gartner Peer Insights Customers’ Choice for Managed Detection and Response
  • Rated the Number 1 MDR solution by customers in the G2 Winter 2024 Grid Reports
  • Named a Representative Vendor in the Gartner Market Guide for Managed Detection and Response Services

Check out our full range of independent accolades and endorsements on Sophos.com.

To learn more about Sophos MDR, speak to your Sophos representative or partner.

Source: Sophos

18

Mar

We are delighted to announce that Sophos has been named a Leader in the IDC MarketScape: Worldwide Modern Endpoint Security for Small Businesses 2024 Vendor Assessment (doc #US50521424, March 2024). This recognition comes on the heels of Sophos also being named a Leader in the IDC MarketScape: Worldwide Modern Endpoint Security for Midsize Businesses 2024 Vendor Assessment (doc #US50521323, February 2024).

The IDC MarketScape study evaluates modern endpoint security vendors’ prevention, EDR, and MDR capabilities and business strategies, with a specific focus on the requirements of small businesses.

According to the IDC MarketScape evaluation, “Sophos is a strong consideration for small businesses, particularly those with large business security requirements that have little to no in-house security expertise.”

“Every organization, regardless of size, suffers from resource constraints. The stakes in cybersecurity, with small businesses in particular, are massive, and many of these companies are struggling to keep up,” said Michael Suby, research vice president, Security & Trust, IDC. “Sophos, with an expansive set of protection technologies and proven MDR service offering, is a great option to help a small business improve its security posture in whatever way fits best – either with the tools to help its experts in-house or by leveraging the expertise of the dedicated MDR security team.”

Trusted Managed Detection and Response Service

Cybersecurity is becoming so complex that most small businesses cannot keep up and need every advantage. Sophos delivers superior cybersecurity outcomes by giving customers the advantages they urgently need. Our 24/7 Managed Detection and Response service enables organizations to reduce the risks and costs associated with security incidents and data breaches that could potentially be catastrophic to small businesses.

The IDC MarketScape report notes: “Sophos MDR, already in use by over 20,000 Sophos customers, is a time-tested MDR service combined with Sophos’ engagements with cyber insurance providers delivers the confidence small businesses need to attain their endpoint security objectives without being security experts.” 

Innovative Protection Capabilities

Sophos delivers strong preventative security that significantly reduces the workload of resource-stretched small businesses. We believe our continued ‘protection-first’ strategy is a key contributor to Sophos’ position as a Leader in this evaluation.

We are constantly innovating to stay ahead of the evolving and expanding attack landscape. The IDC MarketScape assessment references Sophos’ expansive set of protection technologies provided as standard features in our endpoint security offering, and calls out some of our most recent innovations:

“Even with the most diligent efforts to deflect attackers, there are no guarantees that all manner of attacks can be thwarted. Addressing this potential, Sophos recently added several new capabilities: adaptive attack protection, critical attack warning, and data protection and recovery.” 

To learn more about why Sophos was named a Leader in the 2024 IDC MarketScape for Worldwide Modern Endpoint Security for Small Businesses, read the excerpt here.

Source: Sophos

14

Mar

Organizations should implement the principle of least privilege to protect their sensitive data from unauthorized access. To implement the principle of least privilege, organizations need to define roles and permissions, invest in a Privileged Access Management (PAM) solution, enforce MFA, automatically rotate credentials for privileged accounts, segment networks and regularly audit network privileges.

Continue reading to learn more about the principle of least privilege, why it is important and how your organization can implement it.

What Is the Principle of Least Privilege and Why Is It Important?

The Principle of Least Privilege (PoLP) is a cybersecurity concept in which users are granted just enough network access to data and systems to do their jobs, and no more. Least privilege access applies to users, processes, applications, systems and IoT devices. It prevents users from accessing resources they do not need and limits what they can do with the resources they do have access to.

Least privilege access is important because it:

  • Reduces attack surface: The attack surface is the set of possible entry points through which cybercriminals can reach a system and steal data. By limiting privileges, organizations reduce the number of accounts and permissions an attacker can abuse, so a single compromised account exposes far less.
  • Minimizes insider threats: Insider threats are cyber threats originating from within an organization, when current or former employees, partners, contractors or vendors heighten the risk of sensitive data and systems becoming compromised. By limiting access, organizations can minimize the chance of an insider compromising sensitive data, whether by accident or intentionally.
  • Limits lateral movement: Lateral movement is when cybercriminals, after gaining initial access, move from the first compromised account or system to others in the network, often by escalating their privileges. Least privilege access limits how far a threat actor can move, because the cybercriminal is restricted to the systems and data that the compromised account was legitimately entitled to.
  • Adheres to regulatory compliance: Least privilege access helps organizations protect sensitive data and adhere to regulatory and industry compliance frameworks such as GDPR, HIPAA and SOX.

6 Ways Organizations Can Implement the Principle of Least Privilege

The principle of least privilege will help organizations improve their security and protect their sensitive information from unauthorized access. Here are six ways organizations can implement the principle of least privilege.

Define roles and permissions

The first step of implementing the PoLP is to define roles and permissions. Organizations need to determine the level of access to specific sensitive data and systems – who should be accessing these resources, why they are accessing them and how long they should have access to them. They then need to define what role each member of the organization has and what permissions each member has based on their role. They should use Role-Based Access Control (RBAC) to help define roles and permissions.

RBAC grants specific network permissions based on a user’s defined role. Users will have limited network access to specific data and systems based on their role within the organization and what they need to do their jobs. They should not have access to any resources outside of their assigned job duties. RBAC restricts what users can do with a system or file they have access to. For example, marketing employees need access to customer data but not developer environments, and IT administrators need access to developer environments but not financial records.

Invest in a PAM solution

To help manage and keep track of privileged accounts, organizations need to invest in a PAM solution. PAM refers to securing and managing accounts with access to highly sensitive systems and data. These privileged accounts can range from local administrator accounts to non-human service accounts to privileged user accounts. With a PAM solution, organizations can implement least privilege access since they have full visibility into their entire data infrastructure and how much access users have to sensitive data. They can determine who can access privileged accounts and how much access each user should have. PAM solutions help prevent privileged accounts from being misused by insider threats and compromised by threat actors.

Enforce MFA

Multi-Factor Authentication (MFA) requires a user to present an additional form of verification beyond the password. To access a privileged account protected by MFA, authorized users must provide the account’s login credentials and an extra proof of identity. Organizations need to enforce MFA on all privileged accounts to ensure that only authorized users can access them. Even if the login credentials to a privileged account are compromised, the attacker still has to defeat the second factor. Because push-notification fatigue and real-time phishing can defeat weaker factors, privileged accounts should use phishing-resistant methods such as FIDO2 security keys wherever possible.

Automatically rotate credentials for privileged accounts

Password rotation is the practice of changing passwords on a predetermined schedule. Organizations should use automated rotation for privileged accounts, since these accounts provide access to sensitive information. Rotation cuts off users who no longer need access and limits the window in which a stolen, leaked or cracked password remains usable. Automating the rotation through the PAM solution also ensures that every privileged account receives a strong, unique password after each rotation, without anyone having to know or type it.

Segment networks

Network segmentation divides and isolates parts of an organization’s network to control access to sensitive information. These segments are divided based on the type of sensitive information stored and the users who need access. Segmentation limits access to the entire network and only allows users to access resources within their respective segments. It helps prevent cybercriminals who have gained unauthorized access to an organization’s network from moving laterally across the network because the cybercriminal is limited to only the network segment they accessed. To provide better security to their network, organizations can create micro-segments which are isolated parts of the network within a segmented network.

Regularly audit network privileges

Organizations need to regularly audit network privileges to ensure the right users have the necessary access they need to do their jobs and remove any users who do not need access to specific resources anymore. Regularly auditing network privileges and access prevents privilege creep, which is when users have accumulated higher levels of access than they need. It helps prevent misuse by potential insider threats and unauthorized access by cybercriminals.
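The first step (define roles and permissions, enforced with RBAC) and the last (regularly audit privileges to catch privilege creep) fit together naturally, so here is one added example in Python that covers both. It is not Keeper's code or API; the roles, users and grants are constructed to match the page's illustration (marketing sees customer data, IT administrators see developer environments, and neither sees financial records). It also handles the two cases an audit most needs to catch: a standing grant that sits outside the user's role, and a temporary grant that has expired but was never removed.

```python
"""Role-based permissions plus a least-privilege audit.

Added example, not Keeper's code. ROLE_PERMISSIONS, USERS and TODAY are
constructed for illustration.
"""
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import Dict, List, Optional, Set, Tuple

Permission = Tuple[str, str]  # (resource, action)

# Each role gets only the permissions the job needs.
ROLE_PERMISSIONS: Dict[str, Set[Permission]] = {
    "marketing": {("customer_data", "read")},
    "developer": {("dev_environment", "read"), ("dev_environment", "write")},
    "it_admin": {("dev_environment", "read"), ("dev_environment", "write"),
                 ("servers", "admin")},
    "finance": {("financial_records", "read"), ("financial_records", "write")},
}


@dataclass
class Grant:
    """A permission given directly to a user, outside any role."""
    resource: str
    action: str
    expires: Optional[date] = None  # None means standing access (never expires)


@dataclass
class User:
    name: str
    roles: Set[str]
    direct_grants: List[Grant] = field(default_factory=list)


def role_permissions(user: User) -> Set[Permission]:
    perms: Set[Permission] = set()
    for role in user.roles:
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def is_authorized(user: User, resource: str, action: str, today: date) -> bool:
    """Allow only if a role grants it, or an unexpired direct grant does.
    Expired grants are refused even before the audit removes them."""
    if (resource, action) in role_permissions(user):
        return True
    return any(
        g.resource == resource and g.action == action
        and (g.expires is None or g.expires >= today)
        for g in user.direct_grants
    )


def audit(users: List[User], today: date) -> Dict[str, List[str]]:
    """Privilege-creep report: standing grants outside the user's roles and
    expired grants that are still on the books. Grants already covered by a
    role are redundant but harmless, so they are not reported."""
    findings: Dict[str, List[str]] = {}
    for u in users:
        perms = role_permissions(u)
        issues = []
        for g in u.direct_grants:
            if g.expires is not None and g.expires < today:
                issues.append(f"expired grant not removed: {g.resource}:{g.action} (expired {g.expires})")
            elif (g.resource, g.action) not in perms and g.expires is None:
                issues.append(f"standing grant outside role: {g.resource}:{g.action}")
        if issues:
            findings[u.name] = issues
    return findings


TODAY = date(2024, 3, 14)
USERS = [
    User("alice", {"marketing"}),
    User("bob", {"it_admin"}, [Grant("financial_records", "read")]),            # creep
    User("carol", {"developer"}, [Grant("servers", "admin", TODAY - timedelta(days=30))]),  # expired
    User("dave", {"finance"}, [Grant("financial_records", "read")]),           # redundant, fine
]

if __name__ == "__main__":
    for name, issues in audit(USERS, TODAY).items():
        print(name, issues)
```

Running the audit on the constructed users reports bob (a standing grant to financial records that his IT administrator role does not justify) and carol (a 30-day emergency grant to server administration that expired and was never revoked), while alice and dave are clean. The same two checks are what a periodic access review should produce from the PAM solution's own inventory, and time-boxing every direct grant is what makes the expiry check possible at all.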

Use Keeper® To Implement the Principle of Least Privilege

The best way to implement the principle of least privilege is with a PAM solution. With a PAM solution, organizations can see who has access to their network and limit user access to sensitive data. They can secure privileged accounts by ensuring employees are protecting them with strong and unique passwords and MFA.

KeeperPAM™ is a privileged access management solution that helps simplify privilege management by combining Keeper Enterprise Password Manager (EPM), Keeper Secrets Manager (KSM) and Keeper Connection Manager (KCM) into one, unified solution. With KeeperPAM, organizations can achieve complete visibility, security and control over every privileged user on every device.

Source: Keeper

12

Mar

Some of the benefits of using passphrases are that they’re easy to remember, difficult for cybercriminals to crack, and free of the poor habits (short, predictable, reused passwords) that make traditional passwords weak. Some of the disadvantages are that some websites and apps have low character limits, that it’s impossible to remember a passphrase for every single one of your accounts, and that they’re still vulnerable to being exposed in public data breaches.

Continue reading to learn more about passphrases and when you should use them to secure your online accounts and apps.

What Is a Passphrase?

A passphrase is a type of password that is created using a random combination of uncommonly used words. Since passphrases are created using words, they are generally longer, easier to remember and are considered to be more secure than using traditional passwords. Traditional passwords are often weak and are reused across multiple accounts because it’s difficult for individuals to remember multiple strong passwords.

While passphrases are considered to be more secure, there are still rules users should take into account when creating strong passphrases. A strong passphrase should have the following characteristics.

    • Contains at least four words that are four or more letters each
    • Is made up of at least 16 characters
    • Contains uppercase and lowercase letters, numbers and symbols
    • Doesn’t contain personal information
    • Doesn’t contain words that relate to one another
    • Isn’t being reused across multiple accounts

The Benefits of Using a Passphrase

Here are three benefits to using passphrases over traditional passwords.

Easy to remember

Because passphrases are made up of different words, they’re typically easier for users to remember, especially when you compare them to traditional passwords. For a traditional password to be strong, it has to be made of a variety of characters and be at least 16 characters long. A long, complex password isn’t as easy to remember as a long passphrase that contains a mix of characters.

Difficult for cybercriminals to crack or guess

The longer a passphrase is, the longer it takes for cybercriminals to guess or crack it. This is a matter of password entropy: a measure, expressed in bits, of how many equally likely possibilities an attacker would have to try. Entropy depends on the size of the pool each element is drawn from and on how many elements there are, so a passphrase of several randomly chosen words has more entropy than a short password and is harder to crack, provided the words really are chosen at random from a large list rather than being a familiar phrase.

More secure than traditional passwords 

As mentioned above, when creating traditional passwords, many people resort to weak passwords because they want to be able to remember them for multiple accounts. This often leads to password reuse, which places multiple accounts at risk of being compromised if a cybercriminal cracks just a single reused password. Using passphrases as passwords reduces this risk, since they are both strong and easy for users to remember, though each account still needs its own unique passphrase.

The Disadvantages of Using a Passphrase

Here are three primary disadvantages to using passphrases.

Some websites and applications have low character limits

The longer a passphrase is, the more secure it’s considered to be. However, using passphrases may not be possible on some websites and applications that have low character limits. This means users should instead use traditional strong passwords on these websites and apps to ensure that the password they’re creating cannot be easily guessed or cracked by cybercriminals. We suggest using a password generator to help you create these strong passwords.

You can’t remember passphrases for every single account

While passphrases are easier to remember than long, complex passwords, you won’t be able to remember them for every single account. The average person has 100 accounts, ranging from bank accounts to social media accounts, so even if you choose to use passphrases to protect every single one of them, it’ll be impossible to remember 100 passphrases on your own.

Still vulnerable to data breaches

While passwords – like passphrases – are meant to secure your online accounts from unauthorized access, they’re still vulnerable to data breaches. This is especially true for users who fail to also enable Multi-Factor Authentication (MFA) on their accounts. MFA adds an extra layer of security to your online accounts by requiring that a user prove who they are with a second factor before being able to access their account. Prefer an authenticator app or hardware security key over SMS codes where the service offers them, since SMS codes can be intercepted or redirected through SIM swapping.

When a public data breach occurs, how the organization stored its users’ credentials matters as much as the password itself. If passwords were stored in plaintext or with weak, unsalted hashing, even a strong passphrase is exposed outright; if they were stored with a salted, deliberately slow hash, a long random passphrase still resists offline cracking. Either way, a breached password should be changed and must never have been reused elsewhere.

When To Use a Passphrase

Passphrases are great to use in any instance where you only need to create passwords for a small number of accounts. The more accounts you use a passphrase on, the more passphrases you’ll have to rely on yourself to remember. Many people choose to use passphrases when creating a master password for an account, such as a password manager.

Password managers are tools that aid users in creating, managing and securely storing their sensitive data, such as the logins to their online accounts, credit card details and sensitive files. Password managers remove the need for users to remember multiple passwords and instead, users only have to create and remember one master password. This password should be both strong and easy for the user to remember, so it’s the perfect instance to use a strong passphrase.

Passphrases Are Easy To Remember and Secure

Passphrases are a great way to create passwords that are both strong and easy to remember. However, even though you’ll be able to remember one or two passphrases easily, it’ll be impossible to remember a passphrase for every single one of your accounts. A password manager like Keeper® can help. Keeper helps users create, store and manage the logins for every one of their accounts. Keeper also stores Two-Factor Authentication (2FA) codes, to make securing accounts with MFA a lot easier.

Ready to see how Keeper Password Manager can help you secure your online accounts? Start a free 30-day trial today.

Source: Keeper

7

Mar

Cybersecurity professionals are a core element of an organization’s cyber defenses. While much has been written about the shortage of skilled cybersecurity staff, far less focus has been given to how to enable these professionals to make the greatest impact. In short, how best to set them up for success.  

Our recent analysis aims to advance this area of understanding by exploring the question: Does organizational structure affect cybersecurity outcomes? The findings will hopefully prove useful for anyone considering how to structure a cybersecurity function to achieve the best outcomes. Download the report 

Approach 

Our starting point was an independent survey commissioned by Sophos into the experiences of 3,000 IT/cybersecurity professionals working in mid-sized organizations (between 100 and 5,000 employees) across 14 countries. The research was conducted in the first quarter of 2023 and revealed the realities of ransomware, cyber risk, and security operations for security professionals operating at the frontline. The findings formed the basis of the Sophos State of Ransomware 2023 and State of Cybersecurity 2023 reports. 

This analysis looked at those cybersecurity experiences through the lens of the organizational structure deployed. The goal was to identify if there is any relationship between structure and outcomes and, if so, which structure reported the best results.  

Survey respondents selected one of the following models that best represented the structure of the cybersecurity and IT functions in their organization: 

  • Model 1: The IT team and the cybersecurity team are separate organizations (n=1,212) 
  • Model 2: A dedicated cybersecurity team is part of the IT organization (n=1,529) 
  • Model 3: There is no dedicated cybersecurity team; instead, the IT team manages cybersecurity (n=250) 

Nine respondents did not fall into any of these models and so were excluded from the analysis. Organizations that fully outsourced their cybersecurity, for example, to an MSSP, were excluded from the research.  

Executive summary 

The analysis revealed that organizations with a dedicated cybersecurity team within a wider IT team report the best overall cybersecurity outcomes (model 2) relative to the other two groups. Conversely, organizations where the IT and cybersecurity teams are separate (model 1) reported the poorest overall experiences.  

While cybersecurity and wider IT operations are separate specializations, the relative success of model 2 may be because the disciplines are also intrinsically linked: cybersecurity controls often have a direct impact on IT solutions while implementing good cyber hygiene, for example, patching and locking down RDP, is often executed by the IT team.  

The study also made clear that if you lack essential cybersecurity skills and capacity, how you structure the team makes little difference to many of your security outcomes. Organizations looking to supplement and extend their in-house capabilities with specialist third-party cybersecurity experts (for example, MDR providers or MSSPs) should look for flexible partners who demonstrate the ability to work as an extension of the wider in-house team. 

Analysis highlights 

The analysis compares the reported experiences of the three groups across a number of areas, revealing some thought-provoking outcomes. 

Root cause of ransomware attacks  

Interestingly, the reported root cause of ransomware attacks varied by organizational structure: 

  • Model 1: Almost half of attacks (47%) started with an exploited vulnerability, while 24% were the result of compromised credentials. 
  • Model 2: Exploited vulnerabilities (30%) and compromised credentials (32%) were almost equally likely to be the root cause of the attack. 
  • Model 3: Almost half of attacks (44%) started with compromised credentials, and just 16% with an exploited vulnerability. 

Ransomware recovery  

Model 1 organizations were far more likely to pay the ransom than the other groups, and reported the lowest rate of backup use to recover encrypted data. In addition to being the group most likely to pay the ransom, model 1 organizations also reported paying much higher ransoms, with their median payment more than double that of models 2 and 3.  

Security operations 

The biggest takeaway from this area of analysis is that while model 2 organizations fare best in security operations delivery, most organizations find it challenging to deliver effective security operations on their own. Essentially, how you structure the team makes little difference if you lack essential capacity and skills.

Day-to-day cybersecurity management 

There is a lot of common ground in this area across all three groups, and all experience similar challenges. More than half of respondents in all three models report that cyberthreats are now too advanced for their organization to deal with on their own (60% model 1; 51% model 2; 54% model 3).  

All models also share similar worries around cyberthreats and risks. Data exfiltration and phishing (including spear phishing) feature in the top three cyber concerns for all three groups, and security tool misconfiguration is the most common perceived risk across the board. Essentially, everyone has the same top concerns, independent of organizational structure. 

Important note 

While this analysis provides unique insights into the correlation between IT/cybersecurity structure and reported outcomes, it does not explore the reasons behind these results (i.e., causation). Every organization is different, and the structure of the IT/cybersecurity function is one of many variables that can affect the propensity to achieve good security outcomes, including industry sector, the skill level of team members, staffing levels, the age of the organization, and more. These learnings should be used alongside other considerations to identify the best approach for an individual organization.

Learn more 

To learn more and see the full analysis, download the report.

As stated, this analysis focuses on correlation rather than causation, and further research is needed to understand the reasons behind these outcomes. In the face of today’s cybersecurity challenges, any gain for defenders is important and we hope this analysis will spur further study into how organizations can leverage their internal structure to help optimize their defenses. 

5

Mar

In the past fifteen years, at least 5,887 large healthcare data breaches have been reported to the U.S. Office for Civil Rights (OCR). With so much sensitive personal data housed in one place, it is no wonder the healthcare sector is a prime target of attack.

The State of Cybersecurity in Healthcare  

According to the HIPAA Journal, healthcare-targeted data breaches have been trending upwards over the past few years, with nearly 46 million breaches in 2021 turning into nearly 52 million in 2022. However, 2023 “smashed all previous records with an astonishing 133 million records exposed, stolen, or otherwise impermissibly disclosed,” the Journal states.

According to the Verizon 2023 Data Breach Investigations Report, 35% of healthcare data breaches stem from internal bad actors, while 66% come from outside. What motivates attackers targeting this sector? Per the same report: money, espionage, fun, and ideology, in that order.

There are several key factors that make healthcare a highly targeted industry:

  • Vast amounts of sensitive data 
    With swaths of personal health information (PHI) and other forms of personally identifiable information (PII) in their databases, healthcare organizations are a jackpot of data wealth to criminals.
  • Slow digitization 
    A slow-moving tech update culture leaves many medical groups still transitioning to digital records and, consequently, still learning to secure them.
  • Third-party risks 
    The global healthcare supply chain is so vast that the healthcare supply chain management market size is expected to more than double in the next six years and is already valued at nearly 3 billion dollars worldwide. That’s not even mentioning the software supply chain, and with ubiquitous digitization, cyber threats can lurk anywhere among those upstream vendors.

Additionally, the most common cyber threats and vulnerabilities resulting in data breaches are:

  • Ransomware attacks
  • Email phishing
  • Electronic health records vulnerabilities
  • Insider threats
  • Lost, stolen, or misplaced devices
  • Identity fraud
  • DDoS attacks

Diving into just a few, ransomware attacks on hospitals have changed for the worse, becoming more sophisticated and evolving into a matter of life or death, as hacked devices could include defibrillators, surgical technology, and life support machines. When it comes to social engineering, phishing is not only the leading cause of healthcare data breaches, but seems to be increasing, with 57% of healthcare cybersecurity professionals stating that their most severe security incident involved phishing.

And since the Electronic Medical Records (EMR) Mandate took effect in 2014, healthcare groups with no prior experience creating digital health documents now have had to secure them — with varying levels of success. A report by Critical Insight noted that EHR-related breaches accounted for a full 7% of all data breaches to the healthcare sector within a six-month period.

The Main Industry Challenges

Attack rates are high, and it is safe to say that the healthcare sector also has its share of troubles when securing its patient data. The main industry challenges include:

  • Increasing costs 
    Rising costs associated with healthcare and tight security budgets make it nearly impossible for healthcare organizations to effectively manage the vast amount of data flowing through their systems and storage spaces.
  • Complex technologies 
    Newer technologies like smartphones, tablets, and even medical IoT devices can throw people and processes for a loop, and legacy healthcare security systems have a hard time keeping up. As organizations move to the cloud and otherwise diversify their digital landscapes, it is challenging for security leaders to ensure medical device security. Medical devices like X-ray and MRI machines are also potent attack vectors for hackers.
  • Intertwined systems and omnichannel interactions 
    The complexity of EHR systems, increased cloud usage, the rising number of health-related apps, and remote work (even doctor’s visits) expand the medical attack surface, introducing more opportunities for endpoint attacks.

Solutions on the Horizon 

Notwithstanding the challenges, there are also solutions coming to the forefront. The U.S. Department of Health and Human Services (HHS)’s Cybersecurity Strategy for the Healthcare Sector is one such example. It is a framework put forth by the federal government to help protect the healthcare sector against cybersecurity threats. Its tenets include:

  1. Establishing voluntary security goals within the healthcare industry
  2. Incentivizing the accomplishment of these security goals
  3. Implementing an HHS-wide strategy for greater enforcement and accountability
  4. Expanding and maturing the HHS’ “one-stop shop” for healthcare cybersecurity

Government strategy and involvement is an encouraging step to developing mature healthcare cybersecurity regulations. However, it is one that must be coupled with the right security technology.

Cybersecurity Best Practices for Healthcare and How Fortra Can Help  

When crafting their security strategy, it is important for organizations to prioritize prevention, not simply the cure. Prevention goes a long way to protect PHI and PII from being exposed in the first place and save medical groups from damage to their systems and reputation.

Here are a few tips for developing a preventative security approach:

  • Choose a multi-layered data security solution that will help you classify data, detect and prevent leaks, and encrypt sensitive data both in transit and at rest, as well as provide next-generation data loss prevention (DLP) for healthcare.
  • Monitor for changes to your EHR so you know when an unauthorized party is trying to make changes without the owner’s consent.
  • Perform risk assessments on your network, technologies, software, and applications to close security gaps. Regularly patch software to ensure all systems are up to date.
  • Invest in a robust identity governance and administration (IGA) solution to help you properly manage access to medical devices, hospital rooms, and applications.
  • Pick an identity and access management (IAM) platform that features a managed file transfer (MFT) solution and a zero-trust methodology as standard components. HIPAA secure file transfer solutions enable your team to work with confidence and focus on what matters — all while keeping patients, the organization, and the industry safe.
  • Find a trusted email security solution that can identify good email behavior from bad.
  • Closely manage and monitor third-party vendors who have access to your systems and data.
  • Maintain a detailed incident detection and response plan at all times. While prioritizing prevention, it’s vital to always be ready for the crisis.
  • Share your experiences. Team up with healthcare security experts and government agencies to share your expertise and find innovative solutions to emerging threats.

And remember, good healthcare cybersecurity software solutions deliver effective compliance, helping you keep up with standards such as:

Source: Fortra

27

Feb

Sophos NDR can now be deployed as an AWS AMI for all NDR and XDR/MDR customers with a licensed integration pack that requires a log collector.

Sophos NDR in AWS offers several advantages for threat detection and response:

What you get

Cloud-native security monitoring:

  • AWS-native NDR sensors can now efficiently provide visibility into the network traffic and security events within AWS environments. This is crucial for monitoring and securing cloud-based workloads.
  • If the NDR sensor is external to the AWS environment, then the network traffic has to be routed to the external NDR sensor at a significant data transfer cost.

Scalability:

  • Deploying an NDR sensor as an AMI allows you to scale your security monitoring capabilities based on the growth of your AWS infrastructure. You can easily launch multiple instances of the sensor to cover larger environments or increasing workloads.
  • Each deployed sensor can support 1 Gbps of network traffic via a SPAN/RSPAN configuration.

Real-time threat detection and response:

  • Sophos NDR monitors both encrypted and unencrypted network traffic in real time, detecting and alerting on potential security incidents.
  • Combining Sophos NDR and XDR/MDR with Sophos Firewall in AWS provides real-time Active Threat Response to block active adversaries dead in their tracks.

How it works

An Amazon Machine Image (AMI) is a pre-configured virtual machine image used to create Amazon Elastic Compute Cloud (EC2) instances within the Amazon Web Services (AWS) environment. An AMI contains the information needed to launch an instance, including the operating system, application server, and any additional software required to run your application. The AWS AMI also supports log collectors for third-party integrations, as well as NDR.
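The post says each sensor ingests traffic through a SPAN/RSPAN-style configuration and is launched from an AMI, but it does not say how the traffic copy is delivered inside AWS. The following Terraform configuration is an added example, not Sophos's documentation or a Sophos-provided template: it launches a sensor instance from a placeholder AMI ID and uses VPC Traffic Mirroring, the AWS-native equivalent of a SPAN port, to copy a workload ENI's packets to the sensor. The AMI ID, subnet, security group, ENI ID, instance type and CIDR block are all assumptions to be replaced with values from the vendor's deployment guide and your own VPC.

```hcl
# Added example (not Sophos's own code). Feeds a copy of a workload's traffic
# to an NDR sensor using VPC Traffic Mirroring. All IDs below are placeholders.

variable "sensor_ami_id" {
  description = "AMI of the NDR sensor (placeholder; use the vendor's published AMI ID)"
  type        = string
  default     = "ami-PLACEHOLDER"
}

variable "sensor_subnet_id" { type = string } # subnet the sensor lives in
variable "sensor_sg_id"     { type = string } # security group attached to the sensor
variable "monitored_eni_id" { type = string } # ENI of the workload whose traffic is mirrored

# Sensor instance launched from the vendor AMI.
resource "aws_instance" "ndr_sensor" {
  ami                    = var.sensor_ami_id
  instance_type          = "c5.xlarge" # assumption: size per the vendor's throughput guidance
  subnet_id              = var.sensor_subnet_id
  vpc_security_group_ids = [var.sensor_sg_id]
  tags                   = { Name = "ndr-sensor" }
}

# The sensor's primary ENI is the mirror target; mirrored packets arrive
# encapsulated in VXLAN on UDP 4789.
resource "aws_ec2_traffic_mirror_target" "sensor" {
  description          = "NDR sensor capture interface"
  network_interface_id = aws_instance.ndr_sensor.primary_network_interface_id
}

# Filter: mirror all IPv4 traffic in both directions. Narrow the CIDRs or
# add protocol/port constraints if only specific flows should be inspected.
resource "aws_ec2_traffic_mirror_filter" "all" {
  description      = "All traffic to NDR sensor"
  network_services = ["amazon-dns"] # also mirror Route 53 resolver traffic
}

resource "aws_ec2_traffic_mirror_filter_rule" "inbound" {
  traffic_mirror_filter_id = aws_ec2_traffic_mirror_filter.all.id
  traffic_direction        = "ingress"
  rule_number              = 100
  rule_action              = "accept"
  source_cidr_block        = "0.0.0.0/0"
  destination_cidr_block   = "0.0.0.0/0"
}

resource "aws_ec2_traffic_mirror_filter_rule" "outbound" {
  traffic_mirror_filter_id = aws_ec2_traffic_mirror_filter.all.id
  traffic_direction        = "egress"
  rule_number              = 100
  rule_action              = "accept"
  source_cidr_block        = "0.0.0.0/0"
  destination_cidr_block   = "0.0.0.0/0"
}

# One session per monitored ENI. To cover more workloads, add more sessions
# (or more sensors, as the post notes, for larger environments).
resource "aws_ec2_traffic_mirror_session" "workload" {
  description              = "Mirror workload ENI to NDR sensor"
  network_interface_id     = var.monitored_eni_id
  session_number           = 1
  traffic_mirror_filter_id = aws_ec2_traffic_mirror_filter.all.id
  traffic_mirror_target_id = aws_ec2_traffic_mirror_target.sensor.id
}

# The sensor's security group must accept the VXLAN encapsulation from the
# mirrored workloads; keep this scoped to your VPC CIDR (assumed here).
resource "aws_security_group_rule" "vxlan_in" {
  type              = "ingress"
  security_group_id = var.sensor_sg_id
  protocol          = "udp"
  from_port         = 4789
  to_port           = 4789
  cidr_blocks       = ["10.0.0.0/8"] # assumption: VPC CIDR of the monitored workloads
}
```

Two checks worth doing before relying on this: Traffic Mirroring sources must be Nitro-based instances, so confirm the monitored workloads qualify, and mirrored traffic is billed per hour per session in addition to the instance cost, which is the in-VPC counterpart of the data transfer cost the post mentions for an external sensor. Keeping the sensor in the same VPC and Availability Zone as the mirrored workloads avoids cross-AZ transfer charges on the mirrored copy.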

Getting started

Check out the video, documentation, and links to AWS on the Sophos NDR community for information on how to get started quickly.

Source: Sophos

22

Feb

You can avoid social media identity theft by setting strict privacy settings, securing your social media accounts with strong passwords, vetting every friend and follower request, keeping an eye out for phishing attempts and limiting what you share on social media. With almost every person having at least one social media account, cybercriminals are taking advantage of this by targeting these accounts to carry out various cyberattacks, including identity theft.

Continue reading to learn more about what social media identity theft is, how it happens and the dangers of oversharing on these platforms.

What Is Social Media Identity Theft?

Social media identity theft is when cybercriminals use social media platforms such as Instagram and Facebook to steal your Personally Identifiable Information (PII). Some cybercriminals will even go as far as gaining access to your social media accounts so they can gather even more information about you.

When a cybercriminal has just enough information about you, they can use it to steal your identity. Identity theft can not only be costly to recover from, but it can also be time-consuming, as well as mentally and emotionally draining.

How Social Media Identity Theft Happens

Social media identity theft can happen in different ways, but one of the most common ways is through Account Takeover (ATO) attacks. An ATO attack is when a cybercriminal takes over one of your online accounts and locks you out of it by changing your password. Since you no longer know the password to your account, you’re unable to log in to it until you reset your password or get in contact with customer service.

While a cybercriminal has access to your account, they can do anything on it such as make posts or scam your friends and followers. For some cybercriminals, taking over one of your accounts is just the beginning and they may even attempt to take over other critical accounts like your bank account.

Most people tend to overshare on social media, making them targets for cybercriminals. If you have a larger following, you’re an even bigger target, because cybercriminals can attempt to scam your followers by pretending to be you. Because your followers are unaware of the account takeover attack, they may unwittingly share sensitive information.

Steps To Avoid Social Media Identity Theft

Here are five steps to avoid becoming a victim of social media identity theft.

Set strict privacy settings

All of your social media accounts should have strict privacy settings set. Here’s how to make your Instagram, Facebook and X (formerly known as Twitter) accounts more private.

  • Instagram: Go to Settings and privacy > Click Who can see your content > Toggle Private Account > Click Switch to private to confirm.
  • Facebook: Go to Settings > Under Audience and visibility click Followers and public content > Customize these settings to be more private. We recommend not having any of these settings set to public.
  • X: Click your profile icon on the upper right-hand corner > Click Settings and privacy > Click Privacy and safety > Click Audience and tagging > Toggle the buttons where it says Protect your posts and Protect your videos.

The stricter your privacy settings are on your social media accounts, the more secure they’ll be from prying eyes.

Strengthen your social media accounts with strong and unique passwords

To prevent account takeover attacks, each of the passwords to your online accounts should be strong and unique. This means they shouldn’t be reused or use common dictionary words and phrases. Each of your passwords should integrate the following password best practices:

  • Be at least 16 characters long
  • Include uppercase and lowercase letters
  • Include numbers
  • Include symbols (e.g. $, &, #)

When creating strong passwords, it’s best to have a password generator create them for you to ensure that they are always long and complex. If you find yourself having trouble remembering multiple passwords, it’s worth investing in a password manager to help you create, manage and securely store your strong passwords for you.

Vet every friend and follower request

Having a large number of followers isn’t always good, especially if most of those followers are strangers you don’t know. Rather than accepting every friend and follower request you receive, check to see if it’s worth giving them access to your social media accounts.

Some cybercriminals go as far as creating fake social media accounts just so they can follow you to see what you post, so you’ll want to be extra cautious about which friend requests you’re accepting.

Be on the lookout for phishing attempts

Phishing is a type of social engineering attack that aims to get victims to disclose sensitive information by pretending to be someone the victim knows or a company they have an account with. Phishing attempts leverage malicious links and attachments, and when victims click on these links or attachments, malware is installed on their device or they’re led to a spoofed website. Spoofed websites are made to look legitimate so victims are inclined to enter their sensitive information, such as their login credentials or credit card numbers.

Cybercriminals may use phishing attempts to commit social media identity theft, so it’s important to learn how to spot them. Here are a few phishing attempt indicators.

  • Use of urgent language
  • Offers that seem too good to be true
  • Requests for personal information
  • Urging you to click on unsolicited links or attachments
  • Threats of serious consequences if you don’t follow their instructions

Limit what you share on social media

It can be tempting to share information about an upcoming trip or event on your social media, but you should limit what you share on these platforms, especially when it comes to your whereabouts. Cybercriminals and cyberstalkers look to your social media accounts for information like this so they can use it against you.

The Dangers of Oversharing on Social Media

Oversharing on social media such as posting where you are while you’re at that location, and posting intimate details about your personal life, can jeopardize your online privacy. Cybercriminals look for personal details about your life so they can use them to carry out all types of social engineering attacks. Social engineering is a technique used by cybercriminals to psychologically manipulate victims into doing things or revealing sensitive information. The more a cybercriminal knows about you, the easier it is for them to manipulate you using social engineering tactics.

Oversharing information on your social media accounts not only places you at risk of account takeover attacks, but also places you at a greater risk of becoming a victim of identity theft.

Don’t Fall Victim to Social Media Identity Theft

Social media identity theft can place you at risk of losing access to your accounts and losing money. To keep yourself protected from social media identity theft, implement the steps mentioned above to make your accounts more secure and private.

To learn more about how you can keep your social media accounts secure, here are a few more of our tips. To see how a password manager like Keeper® can help you keep your accounts secure with strong passwords, start a free 30-day trial of Keeper Password Manager today.

Source: Keeper by Aranza Trevino