News
Steady growth in email traffic has been a constant in the business world for many years, and it’s all the more surprising, therefore, that so many companies are still neglecting to protect the ever-expanding information resource that is email. Yet, securing the valuable information contained in emails can be done quickly, simply and at little cost with email archiving software. Due to a certain ignorance of the subject, companies still attach too little importance to email archiving even though, in many countries, they are obliged by law to retain certain types of email. So, in this article, we want to shed light on the five most common misconceptions about email archiving and explain the added value a professional email archiving solution can generate for a company beyond simply backing up email data.
Misconception 1: I Already Use Backups – I Don’t Need Additional Archiving Software.
The reality: Backups store copies of information and system data at regular intervals (e.g. every 24 hours), saving the data usually only for short to medium time periods. Data backups are primarily a means of Disaster Recovery that aims to quickly recover important systems and files after the loss event. However, any data lost between two storage points will not be salvageable, and data may have been modified between two storage cycles.
With a professional email archiving solution, copies of all emails including their file attachments can be stored safely for many years in a form that is faithful to the original, easily retrievable and permanently available. As it is impossible to lose or manipulate emails once they’re in the archive (when using journal archiving plus encryption in the archive), an email archiving solution can also help a company comply with the statutory and regulatory requirements governing the retention of business-relevant data held in emails.
Ideally, a backup system should be used in tandem with email archiving software in order to reap the benefits of both solutions. If you’d like to know more about how backups differ from email archiving and how to benefit from both concepts, please read our blog article on the subject.
Misconception 2: My Current Email Service Already Provides Adequate Options for Professionally Archiving Emails.
The reality: The integrated archiving options of most email providers cannot usually match the range of functions and features offered by professional email archiving software. For example, native archiving options rarely support the creation of a tamper-proof archive or allow an archive to be administered independently of the email platform being used – two elementary requirements of a secure email archive. Please read our free white papers on the best approach to implementing a professional email archiving environment for the popular email providers Microsoft 365 and Google Workspace.
Misconception 3: Email Archiving Is Expensive and Just Causes More Work for My IT Team.
The reality: The cost of operating a professional email archiving solution is usually low as this is geared to the actual number of user licenses required. Also, a professional email archive provides a whole raft of benefits and the initial outlay is quickly amortized. For example, powerful “self-service” options mean that an email archiving solution can enable users to search for required emails by themselves without having to call for help from an IT administrator. Users and administrators alike save precious time that can be put to good use elsewhere. Read all about the benefits of an email archiving solution in our white paper “Email Archiving – An Overview for IT Decision-Makers”.
Misconception 4: Email Archiving Is Only Needed in Heavily Regulated Sectors of Industry.
The reality: In many countries, companies are required by law to retain business-critical data – including emails and their attachments – in accordance with defined requirements. Especially in regulated industries such as finance, healthcare or education, the requirements can be particularly stringent, making an email archiving solution essential.
But even if your company is not subject to statutory archiving regulations, an email archiving solution is still important because professional archiving offers benefits that go well beyond compliance. Emails contain large amounts of business-critical information that require protection even where this is not a strict legal requirement. Besides business correspondence, emails can contain quotations, contracts, invoice and sales data – and even classified corporate data such as information on internal workflows or financial data. As this information may still be relevant to a company years after the event, it should be archived as a matter of course. Swapping out emails to an archiving system can also ease the burden on the email server, while also reducing IT staff workload if users are able to access mail archives themselves. In addition, a seamless historical email archive may contain evidence that could be helpful in criminal proceedings or in-house compliance cases. The list of benefits is long. Read everything there is to know in our free white paper “Email Archiving – An Overview for IT Decision-Makers”.
Misconception 5: Email Archiving Is Not Compatible With Data Privacy.
The reality: As a professional email archive securely stores faithful copies of all emails for many years, it can provide critical support for in-house research teams when searching for older email content, compliance audits, business and tax audits, and even produce evidence for use in criminal proceedings.
That being said, for some time now, the focus has shifted toward protecting personal data in the digital world (data privacy). At the latest since the GDPR came into force in the EU, data privacy has been the focus of increasing attention in countries outside Europe, too. As a rule, privacy laws prohibit the long-term storage of personal data – often found in emails – unless these data are being used for a specific, pre-declared purpose.
However, email archiving and data privacy are certainly reconcilable. A professional email archiving solution can use pre-definable retention policies and deletion rules to delete emails from mailboxes and archives when the maximum legal retention period is reached. So, the benefits of an email archive can be exploited without fear of breaching applicable data privacy legislation.
Detailed information on this subject can be found here.
In Summary – Email Archiving Is a Must.
Corporate misconceptions about email archiving mean that the subject is not receiving adequate attention. Yet, email archiving plays a crucial role when it comes to storing business-relevant information and documents, and complying with data privacy laws. Ultimately, email is and will remain the no. 1 communication channel, especially in the world of business.
Besides helping meet compliance requirements, companies stand to benefit in other ways when using a professional email archiving solution. Find out everything there is to know in our blog “Email Archiving –An Overview for IT Decision-Makers” or download our free white paper “Guide to Email Archiving”.
Or, if you’d like to put our email archiving solution to the test, download our free, 30-day trial version right now and convince yourself of the benefits to be had from professional email archiving.
Source: MailStore
Organized ransomware isn’t slowing down – in fact, a group just discovered a month ago is already responsible for dozens of attacks – and they are experts at discovering weaknesses we miss. With so many sophisticated new security tools and so much stack investment, how do we continue to play catch-up to roving ransomware groups?
Because the reality is, we’re all prone to making mistakes.
The 2023 Verizon Data Breach Investigations Report (DBIR) confirms that 74% of all breaches are attributable to human error. From non-technical employees to system administrators, every member of an organization is capable of unintentionally assisting attackers. Security misconfigurations abound, vulnerabilities go unchecked and unpatched, and ransomware happens.
What organizations need to complete their security strategy – often replete with advanced architecture and savvy experts – is a simple, elementary-school trick:
Check your work.
Errors are common the first time through, especially when your SOC is stretched, resources are limited, and millions of alerts compete for your time. But offensive security measures are one way to make sure that when mistakes do occur, you’ll be the one to catch them.
And you won’t catch them too late.
Vulnerability Scans
The first thing you’ll want to do is vet out the low-hanging fruit: vulnerabilities. There are thousands of them out there, many of which are easily exploited, providing attackers with a way to gain initial access, escalate privileges, pivot throughout the environment, and more. Exploiting vulnerabilities is such a common ransomware tactic that CISA began the Ransomware Vulnerability Warning Pilot, a proactive CISA initiative that uses public and commercial data resources to identify systems that contain security vulnerabilities commonly associated with ransomware attacks and notifies those that may be at risk.
Often resulting from a flaw within or misconfiguration of an asset, vulnerabilities might as well be front doors for attackers. However, Vulnerability Management tools can identify these weaknesses so they can be easily patched. You just need to know where – and what – they are. Vulnerability scanning is now considered so vital to cybersecurity that it is required for many different compliance regulations, including PCI DSS, HIPAA, and SOX.
Pen Tests: Social Engineering Tests
Pen testing leverages the same tools, tricks, and techniques at threat actors to exploit vulnerabilities and determine how much damage such an attack could inflict. As you might have guessed, one of the most common and effective tactics attackers use to deploy ransomware is to go phishing.
Who hasn’t fallen for a fake “WebEx” email or “UPS” asking for a quick confirmation of your account information? These tried-and-true social engineering ploys brilliantly skirts around our sophisticated security defenses and hits us where it hurts: human judgement. While always fallible, even this can be improved.
Social engineering tests can identify who is susceptible by imitating a real phishing campaign and tracking who and what they’re clicking on. Some employees may be more susceptible to emails that are trying to get malicious code past the perimeter through an email attachment, while others may be more likely to share their credentials by clicking an email link that takes them to a spoofed version of a website they commonly use.
Letting staff know you’re running regular social engineering tests can help train them to always be vigilant with communications they receive. Additionally, tailored Security Awareness Training (SAT) can shore up security awareness for employees who need it, and results can be improved. One global manufacturer saw phishing click-through rates plummet from nearly 40% to under 15% after company-wide training.
Red Team Engagements: Testing All Angles
Security teams are the first responders to a ransomware attack. As such, they need to be prepared.
Red teaming tests the readiness of your SOC as much as it tests malicious post-exploit possibilities. In essence, a red team engagement is a test of an organization’s total operational mettle. While pen tests tend to focus on a more finite scope, red teaming is more goal oriented, focusing on an objective like gaining root access or stealing sensitive data.
Red teaming is also a real fire drill for the security team, which can serve as an excellent training exercise. Vulnerability scans and pen tests, while necessary, do not replicate the real-time drama, creativity, or extent of a genuine attack. Running a full ransomware testing scenario gives security teams not only the awareness of how they do respond in the moment, but the experience to know how they should respond when the real one hits.
Offensive Security with Fortra
Consistency is key for cybersecurity to work as advertised. The problem isn’t the tools, the time, or the talent – although they do contribute. As the most recent Verizon DBIR reiterates, most of the problems occur between the chair and the keyboard. And it’s only human.
However, so is preparation and improvement. Offensive security habits are a necessary part of any security strategy and they need to be ongoing. Every change is an opportunity to create a new attack vector, whether it’s onboarding a new employee, introducing new tools, or adding additional hardware. Everything and everyone needs to be checked, early and often.
And regularly running assessments not only helps to determine the state of security, but also puts the human element to the test. Fortra’s range of offensive security solutions – from vulnerability management to pen testing to red teaming– provides the preparation organizations need to make sure their technology and teams are ready for a real-world attack.
Source: Fortra
How you use a password manager varies slightly depending on which password manager you have. However, they all have similar functionality. To use a password manager, you first have to set your master password, set up your multi-factor authentication methods, export and import your current passwords, download the necessary apps and create new strong passwords for each of your accounts.
Continue reading to learn more about using a password manager and why using this tool is a good idea for securing your accounts.
Is It a Good Idea To Use a Password Manager?
A password manager is a tool that aids users in generating, managing and securely storing passwords and other sensitive data. Using a password manager is one of the best ways to keep your accounts secure. Without a way to securely manage or store passwords, people fall into the bad habit of reusing passwords or using variations of the same password across multiple accounts. This is a dangerous practice because it makes all of your accounts more vulnerable to being compromised if one of your passwords is compromised or leaked in a data breach.
Should I use my browser’s password manager?
A browser password manager is a password manager that is integrated into a web browser such as Chrome or Safari. Using your browser’s password manager may seem convenient, but that convenience makes your accounts more vulnerable. While browser password managers store passwords in encrypted databases, they hide the encryption key in predictable locations. If a cybercriminal were to install malware onto your device, such as spyware, they would be able to see all your saved passwords in plaintext since the encryption key is left unprotected. If a cybercriminal were able to gain physical access to your computer, or if you logged into your browser on a public computer, they can also just open the browser password manager to see all of your passwords.
Standalone password managers often offer more security than browser password managers because they are designed with security as the priority – browser password managers are not. However, you should still research the password managers you’re considering to ensure they have top-of-the-line cybersecurity, including zero-knowledge encryption and a history of being trustworthy.
How To Use a Standalone Password Manager
Here are the steps to using a standalone password manager.
1. Create a master password
Once you’ve chosen a password manager, the first step you’ll need to take is to create a master password. Your master password is the most important password you’ll create and have to remember since it’s the password that gives you access to your vault. It’s recommended that your master password is at least 12 characters long and includes a combination of letters, numbers and symbols. The longer and more complicated your master password is, the better.
When creating your master password, make sure you’re able to remember it. One way you can do this is by creating an acronym. To create a master password using an acronym, you’ll want to think of a phrase that’ll be easy for you to remember.
As an example, we’ll use the phrase “I enjoy going to the beach in the Summer because of the nice weather.” To create an acronym out of this phrase, you take the first letter of each word and use it in your master password. Remember to use a combination of upper and lowercase letters, numbers and symbols. The master password we can get out of this phrase is “I3g2TB|t$b0tNW.” You can add even more symbols to complicate the password.
2. Enable Multi-Factor Authentication (MFA)
Multi-factor authentication is an extra layer of security you can, and should, add to your account. After creating your master password, you’ll be asked if you want to enable MFA for your password manager – we strongly recommend you enable it. MFA will help ensure that no one but you is able to access your account. Some MFA methods we recommend you use are the following:
- Security keys
- Authenticator apps
- Biometric authentication
Along with securing your password manager with MFA, we recommend enabling 2FA on your other accounts, where possible. The more verification factors on your accounts, the more secure they’ll be.
3. Export and import your passwords
You’ve most likely used a password manager before without knowing, such as your browser’s password manager. While a browser does have the ability to save your passwords, browser password managers can be easily compromised.
If you have passwords saved in your browser’s password manager, you can easily export and import them to a more secure option. The process of doing this may vary depending on the password manager you have so we recommend you consult your password manager’s guide to help you throughout the process. To import passwords from your browser, the process also depends on which password manager you’ve chosen. The video below is an example of what the process of importing would look like if your chosen password manager is Keeper.
Once you’ve successfully exported and imported your passwords into your password manager, make sure to delete the saved logins from your browser. The only place your logins should be saved is inside your password manager’s encrypted vault.
4. Download the browser extension and apps
Password managers offer a variety of options to access your digital vault. For example, some password managers offer you the ability to download their browser extension, mobile apps and an application for your computer. Download what you think you’ll need to make accessing your vault convenient on all of your devices.
5. Create new, strong passwords
Once your account is all set up, you should change your passwords to ones that are strong and unique. The idea of changing all your passwords may feel daunting at first, but a password manager makes it easy for you. We recommend downloading your password manager’s browser extension to make the process of changing your passwords easier.
With the help of a password manager, you’ll be able to automatically generate strong passwords for each of your accounts. When your passwords are updated, your password manager will prompt you to save the new password into a record in your vault. If you choose to save the website address into the same record, your password manager can autofill your credentials whenever you visit the URL that matches the one stored in the record.
If you have a lot of accounts you need to secure with strong passwords, it’s best to start with the most critical ones like your bank or accounts that have been compromised in data breaches.
6. Monitor your passwords
Once you’re all done setting up your password manager, the only thing you’ll need to do moving forward is have your password manager assist you when creating new accounts. You may also want to purchase an add-on to your password manager known as dark web monitoring. With dark web monitoring, you’ll be immediately notified if any of the credentials stored in your vault are involved in a data breach. This allows you to update your password right away, so you can secure your account to protect your data.
The Importance of Using a Password Manager
While the thought of moving all your passwords to a password management solution may feel overwhelming at first, most password managers make importing your passwords a seamless experience. Once you’re all set up with your new password manager, your online life will become a lot easier and safer because password managers offer both convenience and security.
If you have yet to choose a password management tool that fits your needs, learn what to look for in a password manager.
Source: Keeper Security
We are excited to start the early access program (EAP) for Sophos DNS Protection for networks. This new cloud-based service is part of our growing suite of Secure Access Service Edge products and services, expanding upon what we started with Sophos ZTNA and Sophos SD-WAN Orchestration.
Enhanced internet and web security
Sophos DNS Protection adds another layer of security to every network. It works to instantly block access to unsafe and unwanted domains across all ports, protocols, and applications at the earliest opportunity – from both managed and unmanaged devices.
DNS Protection perfectly complements and augments your existing network security and policy enforcement tools – from Sophos or any other vendor. DNS Protection can be deployed in a few minutes: it’s never been easier to roll out additional security to your organization.
Sophos DNS Protection is a globally accessible domain name resolution service with integrated policy controls and reporting in Sophos Central. It’s backed by SophosLabs’ real-time threat intelligence, protecting your organization from malicious domain activity and allowing you to enact policy for domain categories or domain lists.
By using Sophos DNS Protection in place of your existing public DNS resolver, you can prevent any devices on your network from accessing domains associated with security threats and other unwanted websites controlled through policy.
DNS Protection complements the protection provided by the other security features of Sophos Firewall. Deploying it on a network protected by Sophos Firewall provides an additional layer of protection that ensures all protocols and ports are protected against accessing risky or inappropriate domains.
Integrated reporting
Sophos DNS Protection provides in-depth visibility into the domains visited from your network, with comprehensive dashboarding and reporting.
Protection for networks
In this initial release, policy selection and access to the DNS Resolver are based on the originating public IPv4 address of the DNS queries. Hence, protecting individual devices that move from network to network (or site to site) is inappropriate. Dynamic IP addresses are supported when used with a dynamic DNS provider.
As we expand our Security Service Edge services, we plan to integrate with the endpoint, providing DNS protection and other network-oriented security services for roaming devices, wherever they are.
Cross-product integration
In addition, Sophos DNS Protection’s log data and intelligence are shared with Sophos Data Lake for Sophos XDR and MDR threat-hunting analysts to help detect active adversaries and threats operating on the network. Please look for additional updates on the XDR integration as the EAP progresses.
Included at no extra charge for Sophos Firewall customers with Xstream Protection
The initial release of DNS Protection is being added to our Xstream Protection bundle, providing additional value to this already amazing suite of protection solutions for our existing Sophos Firewall customers.
Getting started
Getting started with Sophos DNS Protection is easy. Update your existing DNS configuration by pointing your devices or local DNS servers to our global anycast IP addresses, tell us about your locations in your Sophos Central account by entering your networks’ public IPv4 address(es), and then provide your feedback.
To get started, complete this registration form. Once you’ve done that, we’ll email you with our Getting Started guide and all the information you need to get up and running.
After that, please drop by the Community Forum to share your experience with other participants or tell us about your experiences through the in-product feedback link.
Source: Sophos
As the online shopping season ramps up in many parts of the world, these ten top tips will help you maintain your privacy and safety so you can shop with confidence.
- Use an ad blocker – Advertisements are not only tracking your every movement and collecting enough information on your habits to make the FBI blush, but they are also a major source of malicious links and deceptive content on the internet. Not only is your browsing safer, but also faster and uses less bandwidth. Two of our favorites are uBlock Origin and Ghostery.
- Use private browsing or incognito mode – To prevent your shopping habits and interests from following you around from site to site (and potentially revealing what gifts you might be purchasing to others using your device, bonus!), you should enable private browsing (Firefox) or incognito mode (Chrome). This will block tracking cookies and help the internet forget your travels as the waves wash away your footprints in the sand.
- Make your browser “privacy smart” – The Electronic Frontier Foundation (EFF) provides a browser extension called Privacy Badger designed to automatically make all the right choices around browsing whilst maintaining our privacy and blocking invisible trackers.
- Avoid using one account on multiple services – When logging into an e-commerce site it is often tempting to use the “Sign in with Facebook” or “Sign in with Google” button. While it takes a few more minutes to create a new login, it will provide more privacy as you are not sharing all of the sites you shop at with these tech giants.
- Use guest login when available – In addition to letting you use an account from other websites, many have an option to use a guest login rather than creating a new account. This is a great option if you don’t expect to need technical support or to do business on a recurring basis. Fewer passwords, fewer personal details, fewer problems if they get hacked.
- Don’t save card details – Many e-commerce sites will default to storing your credit card information in your profile for your “convenience” (or their hope you’ll shop there again). They can’t lose what they don’t have, so tell them not to store your credit card unless it is absolutely necessary.
- Use temporary card numbers – Many financial institutions now offer temporary or one-time use credit card numbers. You can open the app on your phone or in your browser and get a single-use disposable credit card number preventing card fraud and tracking when merchants share card processors. Sometimes you’re even able to specify a card limit per temporary number to further protect your account.
- Use credit, not debit – All of us need to be wary of overspending during the holidays, but it is best to leave the debit card at home. Credit cards offer significantly more protection against online fraud, and you are in the power position in a dispute. You can simply not pay your bill while disputing the charge, rather than having criminals directly drain your bank account of your hard-earned cash.
- Beware of direct messages via social media/chat apps – With modern generative AI technology it is almost trivial to create an entire fake online store and lure people to share their personal information and payment data with you. It’s safest to shop at established sites or those personally recommended to you by friends and family. Many unsolicited messages lead to data collection or theft.
- Don’t click deals in email that look too good to be true or are from businesses you don’t have accounts from – these could be phishing emails hoping to bait you into clicking links to bogus, malicious web sites.
Source: Sophos
It may not seem like it, but humans have been using some form of biometric authentication since ancient times. For example, handprints and fingerprints have been used to sign contracts or seal deals for centuries; these can rightly be considered very early prototypes of biometric authentication.
However, we have seen a boom in the use of more advanced biometric authentication technologies in recent years. From facial recognition technology that allows you to pass through national security borders to temperature and cybersecurity screening in a post-pandemic landscape, biometric authentication is used just about everywhere these days.
So what should we be aware of as the possible uses of biometric authentication technology expand? This article will look at what biometric authentication is and what it is used for. Then we will explore the benefits of this evolving technology and the challenges that will need to be addressed as the use of biometric authentication continues to grow.
What Is Biometric Authentication?
Biometric authentication is a method of using unique biological markers to verify or validate someone’s identity. Methods of biometric authentication can include:
- Fingerprint scanning
- Retinal scans
- Iris recognition scans
- Facial recognition screening
- Scent identification
- Voice recognition analysis
- Hand geometry analysis
- Finger vein scanning
- Thermodynamic biometrics matching
- Gait identification
- Keystroke matching
- DNA identification
- Ear shape analysis
- Signature confirmation
Some analysts categorize biometric authentication into two distinct groups. The first category of analysis and recognition includes biological markers, such as fingerprints, scent, or hand geometry. The second category includes behavioral dynamics, such as how someone signs their name or how they walk, as a form of biometric authentication.
How Does Biometric Authentication Work?
Biometric authentication works by first gathering biometric information from the person whose identity needs to be verified. For example, data can be gathered using a contactless camera that scans the person’s face to collect imagery or a fingerprint scanner that collects multiple views of the person’s fingerprints.
Once this initial image has been collected, it is translated into a unique string of numbers. That code is then sent to a vast database of stored number codes to see whether it matches the specific code already on file for that person. Since each biometric feature is extremely difficult to falsify, this unique code should be able to confirm and identify the individual securely.
What Is Biometric Authentication Used for?
In the broadest terms, biometric authentication is used for any situation where someone’s identity needs to be verified securely. The most common biometric data analysis and screening methods used for authentication purposes are fingerprint scanning, facial recognition screening, vocal recognition, and finger vein or palm pattern matching.
Biometric authentication is used by large-scale organizations, including government agencies and global financial institutions. Airports now use facial recognition technology and fingerprint analysis as part of regular security screening operations at international borders. Shopping malls collect biometric information to monitor entrances and exits and track pedestrian activity.
Organizations can use biometric authentication to secure access to restricted documents, making it an invaluable tool for in-house HR departments. Individuals use biometric authentication to access personal accounts, including logging into laptops and smartphones, verifying identity for specific apps, and confirming payments on Apple Pay for iOs users.
Individuals can also use biometric authentication to access financial and crypto accounts, enabling them to access their crypto funds without lengthy passwords. For example, many people use liquid staking to lock their crypto holdings on a proof-of-stake network (such as Ethereum) while still earning rewards on their holdings. The holdings can be secured and only accessed by the depositor via biometric authentication.
Some applications also use biometric authentication to validate user identities. Online dating apps, in particular, use this technology to keep digital romances secure. During the global coronavirus pandemic, biometric data collection became an essential part of monitoring health information and helping to contain the spread of the virus. Biometric data collection, including information about body temperature and health statistics, continues to be used by many public institutions today, especially in the healthcare sector.
The Benefits of Biometric Authentication
Biometric authentication provides several compelling benefits for individuals and organizations alike. The primary reason to use it is the boost in security biometric authentication provides. Since specific biometric characteristics are extremely hard to falsify, biometric authentication can greatly reduce the risk of identity theft or fraud.
In addition, individuals no longer need to create, maintain, and remember lengthy passwords for each separate account and access point. You carry your face and fingerprints with you wherever you go, making identity verification much smoother. You can lose a pair of keys, but except in very extreme circumstances, you will not lose your fingerprints, so your authentication will be secure no matter where you are.
Most biometric authentication processes are simple and intuitive. They do not require users to create an account with specific login details that they must enter each time or provide a particular access code to gain entry to a restricted space. Individuals simply follow instructions, look into a camera or press their palms on a scanner, and then walk through the gate that automatically opens.
Similarly, with laptops and smartphones that use fingerprint authentication, users simply scan their fingerprints, and the account opens for them. When it works correctly, the process is seamless and efficient and saves time.
The Challenges Facing Biometric Authentication
While biometric authentication has grown in popularity in recent years, the field faces many challenges that will need to be addressed as the technology continues to develop.
Implicit Biases
Many human rights advocates have identified that some biometric authentication methods contain troubling and deeply problematic implicit biases. Since facial recognition technology draws from existing data sets that may contain built-in racism or gender bias, the technology reflects these issues. The datasets tend to display images that are 77% male and 83% white, which is a gross misrepresentation of the general demographics of any country.
Transgender and gender non-binary individuals may be miscategorized by physiological identification tools. And there have been a disturbing number of incidents where facial recognition scanners have not recognized Asian or African American individuals or have identified them incorrectly.
In the UK, for example, Uber has implemented a policy that uses facial recognition software to identify its drivers. All Uber drivers already have to go through security and verification processes, but because of this policy, Transport for London (TFL) has revoked drivers’ licenses over negative recognition results, which have come about because these drivers have brown skin.
Privacy Concerns
Many security watchdogs have raised serious concerns over the vast amounts of data collected without consent by government agencies and public institutions as part of biometric authentication processes. Many argue that individuals should maintain the right to privacy over their image and should not have to submit to providing their facial features or other biometric details to be stored in government databases.
Security presents another facet of concern. These huge storehouses of biometric information provide enticing targets for bad actors interested in wreaking havoc on a large scale. If hackers can gain access to biometric data storehouses, they could easily disrupt confidential security systems and enact widespread campaigns of fraud and identity theft. Encryption methods are used to prevent this type of attack, but there are still widespread concerns over the security of so much sensitive biometric data.
Physical Alterations
If only one type of biometric authentication is used for providing access to specific apps, devices, documents, or locations, then individuals run the risk of losing access to these restricted spaces if something happens to alter their physical characteristics. Individuals who are in an accident that changes their facial features may no longer be recognized by the biometric database analysts, which could result in them being locked out of their accounts.
Similarly, if a person suffers severe burns on their hands, their fingerprints may no longer be readable to the scanners, leaving them without recourse to access their accounts. For this reason, a combination of authentication factors is key for any secure account.
Final Thoughts
While biometric authentication creates a simple, straightforward, highly secure approach to identity verification, it still faces many challenges. As the technology continues to develop, and as organizations at every level continue to embrace this method of user validation, there are certainly challenges that will need to be addressed.
Developers will need to make some changes to ensure that implicit biases are erased from the system, creating a more inclusive dataset that will not result in the miscategorization of dark-skinned or transgender people. Governments – or human rights protection agencies – will need to create policies to regulate what kind of information is collected by who and ensure that individuals have the right to give or revoke consent over the collection of their biometric information.
But with these regulations and the evolution of technology, we can expect to see biometric authentication methods expanding into ever more aspects of our everyday lives.
Source: GlobalSign
It’s a big world out there, and cybercriminals know you don’t have time for everything. A common fallacy is that they’re lurking in dark basements, bending their brands to maximum capacity to create highly sophisticated exploits that blow any current security system out of the water. More often than not, they’re not.
Criminal hackers go after the low hanging fruit and try the easy road before taking the hard one. All too often, that easy road is us. The Verizon 2022 Data Breach Investigations Report notes that 82% of all breaches involve the human element, and that’s us messing up when we should have known better. Thanks to security awareness training programs, we can.
Not to be underestimated, locking down security awareness across your enterprise can shut a huge door hackers use to get in. While it may seem like “soft skills” to some security hardliners, the data shows that improvements in this area can have huge, exponential results.
Underestimate Security Awareness at Your Own Risk
Simple security hygiene mistakes are the first thing hackers exploit because they’re the last thing we think to mind. Those simple slip-ups are where the trouble comes through, and it happens all the time.
Take social media for example. Online impersonations were the top social media threat in Q4 of last year, and a general lack of security acuity is why. Consider the facts:
- There were 19% more social media attacks against organizations in Q4 2022 than Q4 2021
- Impersonation was the top threat vector, raking in over 36% of the traffic
- Cyber threat (34%) and Fraud (28%) followed
Impersonation was such a hot pick because it’s so easy to do. It doesn’t take much to scalp a few logos and spin up a fake Twitter account under a company’s name. From there, you can advertise “sales” or masquerade as one of the company’s executives, leading innocent users towards ultimate credential compromise or financial fraud in the process. This hardly ends well. A bit of security awareness training could teach users to avoid these kinds of mistakes, spot the tell-tale signs, and keep their names (and company data) safe.
To support an overall security awareness boost, the President and Congress instituted March as National Cybersecurity Awareness Month back in 2004. Right for its time, it’s become even more relevant as the years have gone on. Sophisticated cybercriminals are still out there, but by and large, the increase in as-a-Service exploits hints that there’s another, less savvy, group that’s incredibly active. That group goes for the low-hanging fruit, the simple mistakes, the things that lead to 82% of breaches and that could be drastically reduced with a little “soft-skills” training.
Security awareness training is one of the best kept secrets of shoring up a zero-trust strategy. It patches the holes in the boat before you spend a ton of money on fancy new fixes that will ultimately sink. The best-in-business rely on it and make it part of their security necessities.
Take the following two examples.
Case Study 1: 42% of University Students in Anti-Phishing Training
In an environment where everyone understands the implications of a failing grade, it’s no surprise that many pushed back when their Canadian university wanted to implement mandatory security training. Faculty and staff feared the repercussions of not passing the simulation, and departments rejected phishing training en masse for fear that they would make students afraid to open any email at all.
However, when cybersecurity goals are integral to meeting 20-year institutional objectives, the need for some sort of security education becomes evident. Faculty and students had been receiving higher-than-average amounts of phishing emails and the school wanted to create an environment of awareness that could make each user a stopping point against attacks.
Partnering with Fortra’s Terranova Security, this school developed a voluntary security training campaign with an initial goal of 5% participation. By presenting principles in a low-stress, learning-only environment, participants were able to engage with modules geared towards users of all technical backgrounds. This reduced the fear of failure or judgement and lead to honest outcomes.
Using the Terranova Security Awareness Program, the university was able to manage and track their training initiative, meeting their desired 5% participation rate. They had planned on gradually increasing the rate to 15%, but the launch of their initial campaign created such momentum that on last report there were 17,000 out of 40,000 students reached: a total of 42%.
The real indicator of success may be beyond the numbers. Security awareness is a state of mind, and students at this particular institution now have a new topic to throw around: Says the university CISO, “They call me Mr. Phishing. They see me and say, ‘you didn’t get me this time!’”
Case Study 2: Manufacturers Get Onboard with Cybersecurity
As the previous case study showed, the end result of a job well done where security awareness training is concerned, is more security awareness. One manufacturing company managed to integrate training so successfully among a decentralized, multi-lingual workforce that the workers found themselves slipping into safe practices at home: Now that’s an indicator of success.
This private manufacturing business had employees across several different countries and security awareness training was always an issue. Found mostly in English-only modules (with few translations), previous solutions failed to give them the coverage they needed.
“The number one goal was to increase employee involvement. Being able to offer the courses in languages each team member understood added value,” noted one Information Security Manager at the company.
For this they turned to Fortra’s Terranova Security. They not only got real-time phishing scenarios, but access to a comprehensive library full of training materials developed in different languages. With this, they were finally able to design a security program that reached company-wide and included pre-training baselines, monitoring within a learning management platform, and metric tracking through customized phishing tests and quizzes.
However, security training that sticks also involves a long-term plan, which is why the company leveraged Terranova Security professional services to get them started on the Information Security 5-Step Framework and establish a routine way of testing users, every time.
The result? Adoption across all sectors of the business, “from people working in the warehouse to the CEO” as one Information Security Manager put it, and an eventual 80% participation rate.
But were they learning anything? The stats indicate so: Phishing click-through rates decreased from nearly four in ten to under 15%, and the number of suspicious emails reported shot up from only 25 to over 500 per year.
Case in point: If you’ve heard others say security awareness training “doesn’t do much,” they probably weren’t using the right one.
What a World-Class Security Awareness Program Looks Like
While all security awareness trainings arguably do something, it’s a fact that they’re not all created alike. There are several components that set a best-in-class security awareness program apart from all the rest.
- Engaging. People won’t learn if they don’t listen, and they won’t listen if it doesn’t hold their interest. Keeping things light, informative, and entertaining goes miles for user retention.
- Gamified. Passive listening is turned into proactive learning when people are asked to solve puzzles, so gamifying real-world scenarios put users at the center of the action and test their real-world knowledge.
- Metrics-driven. As much as awareness training seems like a “soft sport”, results are measured in more than anecdotes. The best programs provide in-depth reporting and analytics on a centralized dashboard.
- Cutting-edge. You want your security awareness training provider to be on the edge of every malicious advancement and be constantly updating its material, so your teams stay ahead of the latest threats.
- Year-around. Effective programs build in the expectation that security awareness is a continual event. Because threats are constantly evolving, it has to be.
Source: Terranova Security
We are extremely pleased to announce that Sophos Firewall v20 is now available. This latest release includes an innovative new active threat response capability, several networking enhancements, added support for securing your remote workforce, and many of your top-requested features.
Sophos Firewall v20 is a free upgrade for all licensed Sophos Firewall customers.
Watch the video below for an overview of what’s new, download the What’s New PDF, or read on for the full details and deep-dive demo videos.
Active Threat Response
Extending Synchronized Security to MDR and XDR provides a direct feed for security analysts to share active threat information with the firewall, enabling it to automatically respond to active threats without creating any firewall rules.
Dynamic Threat Feeds introduces a new threat feed API framework that is easily extensible. It enables threat intelligence to be shared by the Sophos X-Ops team, other Sophos products like MDR and XDR, and ultimately third-party threat feeds in the future.
Synchronized Security extends the same Red Heartbeat, automated response that Sophos Firewall has always had and applies it to MDR/XDR identified threats. This ensures compromised hosts are not able to move laterally or communicate out, while details including host, user, and process are readily available for follow-up. Synchronized Security has also been enhanced with added scalability and reduced false missing heartbeats for devices that are in sleep or hibernation states.
Watch the Active Threat Response demo video.
Remote worker protection and SASE
ZTNA gateway integration makes ZTNA deployments even easier by integrating a ZTNA gateway directly into the firewall. This means any organization that needs to provide remote access to applications hosted behind the firewall doesn’t need to deploy a separate gateway on a VM. They can simply take advantage of the gateway integrated into their firewall. When combined with our single-agent deployment on the remote device, ZTNA couldn’t possibly get any easier. It’s literally zero-touch zero trust.
Third-party SD-WAN integration makes it easy to onramp SD-WAN traffic onto Cloudflare, Akami, or Azure backbone networks to take advantage of their enormous infrastructure, reach, and networking and security services.
Sophos DNS Protection is our new cloud-delivered web security service that will be available separately in early access very soon. It provides a new Sophos-hosted domain name resolution service (DNS) with compliance and security features that are fully supported by Sophos Firewall. This service provides an added layer of web protection, preventing access to known compromised or malicious domains across all ports, protocols, or applications – both unencrypted and encrypted. More news on this new service is coming soon.
Network scalability and resiliency enhancements
A new VPN portal provides a containerized, hardened self-service portal for end users to download VPN clients and configurations, auto-provisioning, and clientless VPN bookmarks.
IPsec enhancements include seamless HA failover, tunnel status monitoring via SNMP, unique PSK support for the same local and remote gateway connections, and DH Group 27-30/RFC6954 support.
SSL VPN enhancements include FQDN (fully qualified domain name) host and group support for both remote access and site-to-site SSL VPN.
SD-WAN scalability triples SD-WAN gateway scalability to 3072 gateways and the number of SD-WAN profiles to 1024.
IPv6 enhancements include DHCP prefix delegation to seamlessly integrate with your ISP and new enhancements to the dynamic routing engine now support BGPv6 for improved IPv6 interoperability.
Watch a video overview of the VPN enhancements or the IPv6 BGPv6 and DHCPv6 capabilities.
Streamlined management
Interface enable/disable delivers a top-requested feature to easily disable or enable network interfaces on the firewall without losing any configuration.
Object reference lookup addresses another top-requested feature to find where a given host or service object is used in rules, policies, and routing.
Hi-res display support adds increased horizontal scalability to the management console to take advantage of high-resolution displays and reduce horizontal scrolling.
Auto-rollback on failed firmware updates reduces any disruption, including high-availability deployments.
Backup and restore now includes the option to restore a backup from a firewall with integrated Wi-Fi to a firewall without Wi-Fi.
Azure AD SSO for captive portal adds support for user authentication on the captive portal using their Azure AD credentials.
Azure group import and RBAC add support for a new import assistant for Azure AD groups and automatic promotion for role-based admin changes.
Watch videos covering the new management features and Azure AD capabilities.
Other enhancements
Web Application Firewall (WAF) enhancements include geo IP policy enforcement, custom cipher configuration, and TLS version settings, as well as improved security with HSTS enforcement and X-Content-Type-Options enforcement.
Azure Single Arm deployment support enables the choice of a smaller instance size to save on infrastructure costs and reduce network and operational complexity.
Get more details on what’s new
Download the full What’s New Guide for a complete overview of all the great new features and enhancements in v20.
Review the release notes and documentation.
Watch the demo video series:
- What’s New Overview
- Active Threat Response
- VPN Enhancements
- IPv6 BGPv6
- IPv6 DHCPv6
- Management and Quality of Life Enhancements
- Azure AD Captive Portal SSO and Group Import
How to get v20
As with every firewall release, Sophos Firewall v20 is a free upgrade for all licensed Sophos Firewall customers and should be applied to all supported firewall devices as soon as possible. This release not only contains great features and performance enhancements, but also important security fixes.
This firmware release will follow our standard update process.
Please note that Sophos Firewall firmware updates are now downloaded from Sophos Central. Get the full details here or follow the quick guide below to get the latest v20 firmware for your firewall:
1. Log in to your Sophos Central account and select “Licensing” from the drop-down menu under your account name in the top right of the Sophos Central console.
2. Select Firewall Licenses on the top left of this screen.
3. Expand the firewall device you’re interested in updating by clicking the “>” to show the licenses and firmware updates available for that device.
4. Click the firmware release you want to download (note there is currently an issue with downloads working in Safari so please use a different browser such as Chrome).
5. You can also click “Other downloads” in the same box above to access initial installers and software platform firmware updates.
The new v20 firmware will be gradually rolled out to all connected devices over the coming weeks. A notification will appear on your local device or Sophos Central management console when the update is available, allowing you to schedule the update at your convenience.
Sophos Firewall v20 is a fully supported upgrade from any supported Sophos Firewall firmware version.
Check out the v20.0 GA release notes for more details, including the known issues list. Full product documentation is available online and within the product.
Source: Sophos
In today’s fast-paced, always-on era, businesses rely on round-the-clock data availability and enhanced performance to stay competitive. As such, even a short duration of system downtime, data unavailability, or even a reduction in nominal performance, can significantly impact the business.
While on one hand the amount of data being created, processed and stored is increasing rapidly, on the other, the demand for higher throughput and 24/7/365 performance of vital operations for business productivity is greater than ever before.
This begs the question: How would you, as an MSP, ensure your clients’ business keeps running at the same speed in the event of a cyberattack, natural disaster, equipment failure or human error? Depending on unreliable, outdated backup and disaster recovery technology could result in performance lags and prolonged downtime, and could increase the risk of losing data to corruption. For MSPs, having a reliable business continuity and disaster recovery (BCDR) solution is critical to delivering the same level of functionality and performance of systems and processes during disaster recovery as in normal circumstances.
Today’s demanding workloads require advanced BCDR solutions with high-performance disaster recovery capabilities, such as Datto SIRIS NVMe SSD models that are purpose-built for MSPs to ensure their customers’ business is always running and resilient to disasters.
MSP challenges
Resource-intensive production workloads, such as database servers, require similar, superior performance from the disaster recovery (DR) infrastructure to ensure the continuity of user and business experience. For example, let’s say your client’s production environment uses solid-state drives (SSDs) for high-performance workloads. In that case, the DR infrastructure should match the performance of production workloads to meet strict recovery time objectives (RTOs) and client expectations.
NVMe SSDs allow ultrafast read-write and input/output (I/O) performance compared to traditional spinning hard disk drives (HDDs) or cheaper SATA/SAS SSDs. However, NVMe-based hardware can be costly, requiring MSPs and clients to carry significant capital expenditures (CapEx) upfront. It may be challenging to convince MSP leadership to invest more in an infrastructure that sits idle most of the time. The high costs of implementing superior BCDR solutions for clients with stringent RTO and performance requirements also result in MSPs settling for lower profit margins, often due to the prohibitive CapEx costs of premium hardware.
Win new clients and improve margins with Datto
MSPs can improve client satisfaction and create new revenue streams by delivering on requirements of demanding production workloads with high-performance on-site and cloud DR infrastructure based on NVMe SSD-based all-flash technologies.
Datto allows MSPs to implement highly efficient on-site and cloud DR for resource-intensive workloads, like database servers that require a lot of power and resources.
Datto SIRIS NVMe SSD models combine up to 10 times performance boost, rugged reliability and priority access to DR-optimized cloud nodes in the Datto Cloud for MSPs to deliver on requirements of even the most demanding clients, including meeting tight RTOs and protecting critical workloads.
While NVMe SSD-based servers can be costly, Datto SIRIS NVMe SSDs eliminate CapEx costs, allowing MSPs to save tens of thousands of dollars compared to other solutions requiring the purchase of own/their hardware and use of hyperscale clouds. For instance, it can cost up to $10,000 or more to perform a DR of a high-performance server in AWS or Azure.
In addition, Datto’s flat-fee subscription model gets rid of unpleasant surprises of hidden costs by including DR/backup cloud, hardware, software, storage and technical support, even for the premium high-cost hardware based on NVMe SSD technologies.
Source: Datto
A very important award for NSS this year came from one of its largest partners, Sophos. The well-known cybersecurity company presented the “Distributor of the Year 2023” award through its representative, Patrick Müller (Regional Manager Eastern Europe, Sophos) to the Executive Director of NSS, George Kapaniris, rewarding NSS’s performance in the Eastern Europe region where it also operates.
NSS Corp. is an international Value-Added Distributor (VAD), specializing in cutting-edge IT solutions covering the technology areas of information security, networking, unified communications, data storage, virtualization, and data center infrastructure systems (datacenters).
“NSS is a very loyal partner to Sophos and that loyalty and dedication is not something that is found everywhere. NSS represents Sophos in the Greek market and demonstrates a high level of technological sophistication. And this is exactly what partners are looking for from a distributor. In addition, it runs a business model that is highly satisfying to its partners on a business level. Our relationship with NSS is based on loyalty, trust and friendship, characteristics that are of real value to partners. It’s not just about sales, but also about the value that a distributor like NSS can bring at a business level” said Patrick Müller of Sophos.
The event for the “Distributor of the Year 2023” award was attended by dozens of partners of NSS in Greece. The event was accompanied by numerous briefings and updates on the latest developments in cybersecurity and the evolving threat landscape as well as on the important changes coming to legislation, directives and regulations in the European Union – most notably the implementation of the NIS 2 Directive, which brings new measures for an even higher common level of cybersecurity across the European territory.
The Executive Director of NSS, George Kapaniris said about the important award the company received: “We are honored, as this award concerns Eastern Europe, a large region where a big number of distributors are very active, something that is not the case in other regions of the continent. This is a very important achievement as we have been working with Sophos for many years,” said Mr. Kapaniris. “You can have faith in your capabilities, and know how good you are at your job, but when your own partners tell you, it becomes a belief. Sophos is a very important partner of ours and it is particularly positive that Athens is now a ‘destination’ – previously it was Prague and Budapest – as there are now few cities that the vendor chooses to visit,” he added.
George Koumintzis, Commercial Director of NSS said about the prestigious award: “With our partners we make sure we have a two-way relationship. They are our source of information about what the market demands at a given moment. From the opposite direction, by embracing the trends in global cybersecurity, we pass on information to them so that they can in return provide vision to their customers“.
The most important tips for password security include choosing long, complex, unique passwords, not storing them in easy-to-hack places and using a password manager.
Unfortunately, most people don’t follow best practices for password security. According to Keeper Security’s 2023 Password Management Report, only 25% of people use strong, unique passwords for all of their accounts. That means 75% of people have insufficient password practices.
The report revealed that one in three people globally feels overwhelmed by password management. If you’re one of those people, read on to learn our top five tips for easy password security that will keep your accounts safe from cybercriminals.
Top Five Password Security Tips
Here are our top five password security tips.
1.Create randomized, long passwords
To create a strong password, you must avoid mistakes that will make your password easy to crack through common password-cracking techniques. Short passwords are easy for robots to crack in just seconds. Dictionary attacks can guess passwords that contain dictionary words. Targeted attacks may find personal information on your social media – like your dog’s name – and use it to guess your password.
Length is more important than complexity according to the National Institute of Standards and Technology (NIST). It will be harder to crack a 20-character password even if it uses dictionary words than a completely random 6-character password. But, creating a password with both length and complexity is the most secure.
Our free password generator can create a strong password for you in seconds. Generate a Password
Every password should have:
- At least 12 characters
- Upper and lowercase letters
- Symbols
- Numbers
- No dictionary words
- No personal data, such as birth year or pet name
- No sequential numbers, such as 1234
- No repeated numbers, such as 8888
- No keyboard patterns, such as QWERTY
Example of a strong password (don’t use this one, it’s no longer secure because it’s public):
- BMOu#L8xc8ijX,#m>uzf
Examples of weak passwords:
- 7b>iCQ (too short)
- Blue17Freed!Dry (has dictionary words)
- KK8*K?Nr3456 (contains sequential numbers)
How to remember your passwords
Strong passwords are hard to remember, but you can make it easier by using mnemonic techniques, such as using the first letter of each word from a favorite quote with numbers and letters added in (“It was the best of times, it was the worst of times” becomes “iwtBot%72#iwtwot”).
You could also use words with numbers and symbols instead of letters (“dog bone” becomes “D0G#!B0N398”).
The easiest way to remember passwords, however, is by using a password manager and storing them in a digital vault with zero-knowledge encryption. A password manager is software that securely stores your passwords and allows you to access them from any device.
2.Don’t reuse passwords
One of the most common ways passwords are compromised is through credential-stuffing attacks. This is when one set of credentials is stolen and a cybercriminal uses them to try to gain access to other accounts.
For example, if a data leak exposes your password to your email account, the cybercriminal could then try to use the same credentials to access your bank accounts, retirement accounts, credit card accounts and so on. However, if you used unique passwords for each of your accounts, then only one account will be compromised.
It’s important to note that cybercriminals often guess similar passwords in credential-stuffing attacks. For example, if the compromised password was weakpassword8, they may try weakpassword9. Choosing a password that you change slightly for every account is not an effective way to prevent hacking, even if it’s a long, complex password.
3.Enable Multi-Factor Authentication (MFA)
Multi-Factor Authentication (MFA) is an important additional security layer to passwords that protects your account in the case of a data breach. MFA is a second method of authentication you have to enter in addition to your password in order to access an account.
There are a variety of MFA options, including generating codes on an authentication app, getting a code by SMS text or answering security questions. Usually, accounts will give you the option to require MFA only if you are logging in on a device that is not your personal, primary device.
Data breaches are common, so it’s easy for one of your passwords to become compromised. However, if you have MFA enabled then it will be much more difficult for a cybercriminal with your stolen password to access your account.
4.Store and share your passwords securely
Going through the trouble of creating long, complex passwords for your accounts will not protect you if you don’t store them securely.
The days of keeping all your passwords in your phone notes and sending them to others via text are over. Documents, texts, email and other common locations to keep passwords are easily compromised by cybercriminals.
Technology has solved the problem of storing passwords securely with password managers. A master password is the only password you need to remember to access all of your passwords.
How to store your master password
You should memorize your master password and not share it with anyone. If you absolutely must write it down somewhere, write it on a physical piece of paper and hide it in a safe or other highly secure location.
How to securely share passwords
Password managers will also make it easy to securely share your passwords – for example, if you want to share a Hulu password with your family, your password manager will be able to share it while keeping it safely encrypted.
Browser password managers
It’s important to note that secure password managers are not the same thing as browser password managers. Browser password managers are easy to hack and your passwords are not safely stored. We recommend disabling your browser password manager in your settings.
5.Automate everything with a password manager
A password manager like Keeper Password Manager simplifies password management while offering the highest level of security for all of your accounts. Password managers can:
- Generate strong, unique passwords
- Store passwords with the best encryption
- Automatically fill in your credentials when you log in
- Store 2FA codes so you don’t have to wrangle multiple devices while logging into an account
- Securely store other types of information, like confidential files and ID photos
- Scan the dark web for compromised passwords and alert you to change the affected credentials
Why Poor Password Management Puts You at Risk
Passwords are what stand between cybercriminals and your valuable, confidential data. Reusing passwords, using weak passwords and other bad habits will make it easy for a cybercriminal to hack you once you become a target.
If cybercriminals access your data, it could result in theft of money from your bank account, account takeover and even severe identity theft. These types of incidents are time-consuming and expensive to recover from.
Keep Your Accounts Protected
Using strategies for choosing strong passwords and storing them securely will keep your accounts protected. Keeper Password Manager is the simplest way to streamline your account security. Start a free 30-day trial today to see how we can protect your digital life.
Source: Keeper Security
Murphy’s law famously states that if anything can go wrong, it will go wrong. Security has long-since adopted this mantra and implemented zero trust as a coping mechanism.
When taken in full, it can present quite a challenge. But broken down into its various parts it becomes a manageable task, especially when guided by a security partner with the right toolset to take you through each advancing level of security maturity.
What Is Zero Trust?
Simply put, zero trust is the approach of “never trust, always verify”. This model assumes any user could have malicious intentions and that a cyberattack may already be underway. In other words, zero trust is the approach of erasing inherent trust and requiring constant and ongoing authentication and authorization for the users, services, and systems on the network.
The three basic tenants of a zero-trust strategy are:
- Always assume a breach
- Trust no one
- Verify everything
Even after verifying a user’s identity, the user in question still doesn’t have the “keys to the kingdom”. Zero trust approach denies total access to the user, opting instead to make them prove their identity layer by layer, step by step, continuously. By leveraging network segmentation and establishing micro-perimeters, zero trust measures only grant access to assets when a valid reason is presented for doing so.
How to Get Started
It’s important to recognize that zero trust is not a technology, but a journey. It includes tools and processes necessary to create an environment that requires full validation before granting access to sensitive data.
Thinking About Zero Trust
Tackling zero trust in a pragmatic, step-by-step approach can lead to better success than trying to overhaul your entire infrastructure at once. For example, you can start by establishing:
- What to protect. This can be critical assets, systems, software, and data.
- What to protect it from. Are your trouble spots over-privileged users? Poor password hygiene? External threat actors? Whatever it is, prioritize your areas of weakness before you begin.
- A reasonable starting point. Consider an iterative approach of tackling the problem system by system or in groups.
Zero trust is doing now what we were too naïve to do at the inception of the internet; define what is important and figure out how to properly defend it. Because we’re retrofitting old architectures into a new way of security, a lot of smaller steps and customizations need to be made before something can be considered fully ‘zero trust’.
However, each journey starts with a single step.
Vulnerability Management: The Backbone of a Zero Trust Strategy
The first step of that ‘iterative process’ is to define what the weak spots are. Once organizations have defined the parameters of what needs protecting and what the enemies are, vulnerability management is the logical next step.
This focuses on weaknesses within the infrastructure — not the access points. It identifies and prioritizes vulnerabilities, which require patching and misconfigurations that could be easily exploited. When it comes to vulnerability scanning, most organizations require a flexible solution that can take on the challenges of a hybrid environment without bogging down configuration.
And remember, the right results provide actionable insights to facilitate impactful remediation on the part of the organization.
Applying a Zero Trust Framework
No matter the size of your organization, it is best to move towards zero trust in steady, measurable steps. John Grancarich, Executive Vice President, Fortra, outlines a management process to achieve progress towards zero trust:
- Prepare for the journey towards a zero-trust security framework. Know the principles of zero trust, know the scope of your organization and its assets, and get together a team. You need to know what you’re working with.
- Classify your assets. Organize your areas of protection by the importance of the asset. Once you’ve established low, medium and high impact assets, prioritize from there.
- Select an initial set of assets to address. Protect your highest impact items first, pausing proactive zero trust security work on all the rest until this is done.
- Implement initial security controls. Begin choosing, deploying and testing your new zero trust compatible processes, procedures, technological solutions, and services for your identified subgroup.
- Assess the performance of your controls. Continuously make sure your implementations are running as expected.
- Authorize systems. Senior leadership signs off on security systems, privacy plans, and the whole operation thus far.
- Monitor results and refine as needed. Keep a constant watch on zero trust implementations from day one. Monitor for deviations, trigger actions based on conditions met, and reduce false positives discovered in monitoring.
At this point, you iterate the whole process over with the next highest priority assets on your list, and so on from there. In this way, companies can eat the zero-trust elephant one bite at a time, learning how to implement a zero-trust strategy with more accuracy, insight, and success each time around.
The State of Zero Trust Now and Future Predictions
Research by Cybersecurity Insiders and Fortra reveals how organizations are adopting zero-trust security into daily business flows. Currently, only 15% of respondents indicated zero trust network access (ZTNA) was “already implemented”. Another 9% said they had “no plans” to implement. While far from ubiquitous, it is safe to say that zero trust is a trend that will only increase among business leaders, and one that is garnering a great deal of critical thought.
Preferred ZTNA Tenants
When asked, there were several zero trust tenants that were most compelling to organizations. They ranked:
- Continuous authentication/authorization (66%)
- Trust earned through verification of entities, including users, devices, and infrastructure components (65%)
- Data protection (64%)
- End-to-end access visibility and auditability (61%)
- Least privilege access (60%)
Don’t Forget Devices
In our headlong rush to protect the enterprise, it’s easy to overlook the number of risks, threats, and vulnerabilities mobile devices introduce. While many stated the importance of data protection, mobile device management (MDM) and bring your own device (BYOD) was low on their lists of priorities. Understandably, BYOD is tricky to navigate as it relies on privacy yet can be difficult to control. As it stands, mobile devices continue to be a pain point for intrusion prevention and data loss prevention (DLP) efforts.
Secure Access Priorities
When it comes to achieving ZTNA, respondent companies prioritized in this manner:
- Multi-factor authentication/privileged account management (65%)
- Anomalous activity detection and response (50%)
- Securing access from personal, unmanaged devices (46%)
Securing Public Cloud
Traditional remote access solutions still aren’t up to the task of dynamically securing today’s distributed cloud environments. Consequently, the most mentioned workaround was “hair pinning” remote and mobile users through data centers to access public app clouds (53%). And shockingly, over a third (34%) have to publicly expose cloud apps to enable remote and mobile users, drastically increasing risk to the enterprise.
Benefits of a Zero Trust Security Framework
Adopting a zero-trust approach ultimately reduces the attack surface, statistically lowering the chance of attack. While that remains the most obvious benefit, others include:
- Support for compliance requirements
The closed connection tenant of zero trust helps prevent exposure of private data, helping to keep you in the clear with compliance standards such as the federal government’s NIST 800-207, the payment card industry’s PCI DSS, or the healthcare industry’s HIPAA and HITECH requirements.
- Better cloud access control
Zero trust security policies can be applied to give you more visibility and access control within the cloud. With protection attached to the workload, your data remains safe — even if the environment changes.
- Data breach risk reduction
By assuming all entities are hostile, an organization naturally cuts down on the chances of inadvertently letting in a cybercriminal. Less risky users means less chance of a data breach. And should they manage to get inside the network, zero trust deployments are designed to stop them at every turn.
Even starting on the zero-trust path is more beneficial than waiting on the sidelines. Each sector, each asset category, each system you convert to zero trust protection is one more that is harder to breach. Threat actors go for the low-hanging fruit. While organizations are wanting to fully ‘achieve’ zero trust, an unforeseen number of attacks will be blocked by simply making an entity that much harder to hack than all the rest.
Zero trust is a methodology that starts giving from day one.
How Fortra Supports Your Zero Trust Journey
Fortra is proud to move the needle forward by providing a host of solutions to aid you on your zero-trust journey. While each company’s architecture is their own, we serve as a relentless ally and partner in determining your security needs and identifying the controls that would work best with your particular use case, factoring industry, maturity level and headcount into the process.
Our offerings include:
- Data Classification. Visual and metadata labels to guide how data should be accessed and shared downstream.
- Data Loss Prevention. Learn how your data is being used and block undesirable actions against it.
- Secure File Transfer. Encrypt the automated file transfer process and bundle with DRM to fully protect files in transit.
- Secure Collaboration.Control who can access files — and what they can do with them — even after they’re sent.
- Identity and Access Management. Manage user access to valuable resources and streamline provisioning, PAM, and password management.
- Integrity Management. Identify misconfigurations and indicators of compromise with layered management tools.
- Vulnerability Management. Discover weaknesses in endpoints, servers, applications and security controls before it’s too late.
While enterprise wide zero trust is always the goal, there is no zero trust “finish line”. As long as threat actors continue to improve their craft, there will always be more exploits to defend against and more creative ways to do so. Zero trust is a process rather than a product.
Fortra enables organizations along their zero-trust journey. Our portfolio of extensive solutions works both conjointly and independently to bring you the best answer to your zero-trust challenge — be it with one solution or a bundle.
Source: Fortra
A 2FA code, which stands for two-factor authentication code, is a form of Multi-Factor Authentication (MFA) that requires a generated code as an additional verification factor to a username and password. For example, when logging in to an account, instead of solely entering your credentials, you would also have to provide a second method of verification by entering a code from an authenticator app or one that is sent to your phone.
Continue reading to learn more about 2FA codes and how you can use them to protect your accounts.
How 2FA Codes Work
Before understanding how 2FA codes work, you first have to know the two types of 2FA codes. The first type is Time-based One-Time Passwords (TOTP) and the second is SMS-based One-Time Passwords (OTP).
TOTP codes are typically generated by authenticator apps that you can download on your phone. These codes regenerate every 30-60 seconds, so they’re different each time you use them. Some password managers also offer the option to generate and store TOTP codes so you don’t need a separate application. When using TOTP codes, it’s important to know that once the set time for them runs out, they expire, so you must always enter the most recent code that appears.
SMS OTP codes are sent to you via text message. You typically receive these text messages when you are attempting to log in to your account and have already entered your credentials correctly. To access your account, you’ll need to enter the code sent to you through text message to verify who you are.
Why Use 2FA Codes?
You should use 2FA codes to add an extra layer of security to your accounts and protect yourself in the event of a data breach.
Extra layer of security
2FA codes, like any other type of MFA, provide your accounts with an extra layer of security. In the case that someone were to guess your password or compromise it due to weak password practices, requiring a 2FA code would prevent them from being able to gain access to your account. This is because they don’t have the ability to see your 2FA codes – only you do.
It’s strongly recommended that you use more than two authentication factors for your accounts to add that critical extra layer of security.
Protects you in the event of a public data breach
Public data breaches are extremely common and often lead to customer data being leaked and published on the dark web. These breaches usually expose customers’ Personally Identifiable Information (PII) and login credentials. In the event that your credentials are involved in a public data breach, having a 2FA code on your account would prevent a threat actor from being able to successfully access it.
How Can I Get a 2FA Code?
There are different ways you can receive 2FA codes and some are more secure than others.
Authenticator apps
Authenticator apps are applications you download onto your phone. Google Authenticator and Microsoft Authenticator are two examples of authenticator apps. When using an authenticator app, you’ll first need to set it up with your account by scanning the Quick Response (QR) code that is given to you. Once it’s set up, every time you log in to that account, you’ll need to enter the 2FA code generated by the authenticator app. The 2FA code given to you is time-based so you’ll need to enter it before time runs out, which is usually 30-60 seconds.
SMS text messages
Another way you can get 2FA codes is by text message. This is the most popular way to receive 2FA codes since it’s the most convenient for users, but receiving 2FA codes this way is also the least secure. Security professionals strongly advise against using this method for receiving 2FA codes because they’re more vulnerable to being intercepted by a threat actor.
For example, if you were to become a victim of a SIM swapping attack, in which a threat actor swaps your SIM card to their phone, they would start receiving all your text messages and phone calls. This means they’d also be able to receive your 2FA codes that are sent through text message, which they can use to compromise your accounts.
Password managers
Certain password managers enable you to generate 2FA codes for your accounts. When you set up 2FA for an account in the same record you have your credentials stored, your 2FA code will autofill along with your credentials. In short, your 2FA codes and credentials will all be stored in the same place, meaning you don’t have to download different apps to access them. One password manager that provides users with the ability to generate and store 2FA codes is Keeper Password Manager.
How to Set Up Two-Factor Codes in Keeper
Keeper Password Manager is the password manager that offers the ability to generate and store 2FA codes in your password vault. Here’s how to set up 2FA codes when using Keeper:
- Log into your Keeper Vault.
- Locate the record for which you want to generate and store a 2FA code.
- Click on the record.
- In the record, click the edit button on the top right corner that looks like a pencil.
- Click where it says “Add Two-Factor Code.”
- From here, you’ll have the option to scan a QR code or enter the code given to you manually.
- Log into the account for which you want to set up a 2FA code.
- Find the option to enable two-factor authentication in your security settings (this will vary from account to account).
- If using Keeper on your phone, scan the QR code displayed during the setup process. If using Keeper on desktop, upload a screenshot of the QR code or manually enter the code provided.
Once you’ve set up the 2FA code in the associated record, your credentials and 2FA code will autofill when you log into your account. Having your 2FA code autofill not only saves you time but also ensures that you’re receiving your 2FA code securely since everything stored in your Keeper Vault is encrypted. Generating and storing your 2FA codes in Keeper takes away the risk of threat actors being able to intercept them.
If you don’t already have a password manager, you can start a free 30-day trial of Keeper Password Manager to see just how secure and convenient it is to store and generate your 2FA codes.
Source: Keeper Security
G2 just released their Fall 2023 Reports, and Sophos is the only cybersecurity provider named a Leader across the G2 Grid® Reports for Endpoint Protection Suites, Endpoint Detection and Response (EDR), Extended Detection and Response (XDR), Firewall Software and Managed Detection and Response (MDR). Additionally, G2 users also rated Sophos the #1 overall MDR and Firewall solutions.
Independent Sophos customer validation
G2 distinctions and rankings are based on independent, verified customer reviews on G2.com, the world’s largest software marketplace and peer-review platform. In G2’s Fall 2023 Reports, Sophos was a named an Overall Leader in five categories, as well as a Leader in 10 individual market segment Grids:
- Endpoint Protection Suites: Overall, Enterprise, Mid-Market, and Small Business Grids
- EDR: Overall, and Mid-Market Grids
- XDR: Overall and Mid-Market Grids
- Firewall: Overall, Enterprise, Mid-Market, and Small Business Grids
- MDR: Overall, Enterprise, and Mid-Market Grids
We are honored that our services and products have been recognized by our customers and thank them for putting their trust in us.
Delivering defense in depth for today’s businesses
As adversaries have become more sophisticated and elusive, defenders should implement a defense-in-depth strategy that includes protection, detection, and response at every point along the attack chain to cover their entire environment. This layered approach should be inclusive of endpoint, network, email, and cloud security, as well as threat hunting and remediation services by security experts.
The fact that IT and security professionals recognize Sophos as the Leader across these key categories is validation that Sophos delivers the best and most comprehensive set of products and services required for modern day cybersecurity.
Uniquely, all Sophos customers are protected by Sophos X-Ops, a joint task force that brings together deep expertise across the attack environment from frontline threat hunters and incident responders to deep malware and AI specialists. Together they provide unparalleled insights into how threats are built, delivered, and operate in real time. Armed with this deep understanding, Sophos is able to build innovative, powerful, and effective defenses against even the most advanced threats.
Additional Sophos customer and analyst validation
Alongside our G2 recognition, Sophos solutions are widely recognized by customers and the analyst community, including:
Sophos Endpoint
- Named a Leader in the 2022 Gartner® Magic Quadrant™ for Endpoint Protection Platforms for the 13th consecutive time
Sophos Extended Detection and Response (XDR)
- Recognized as the #1 overall leader in the Omdia Universe for Comprehensive Extended Detection and Response (XDR)
Sophos Firewall
- Named a 2022 Gartner® Customers’ Choice™ for Network Firewalls with a 4.7/5 rating on Gartner Peer Insights
- Recognized as a Strong Performer on the Forrester Wave
Sophos Managed Detection and Response (MDR)
- Named a 2023 Gartner® Customers’ Choice™ for Managed Detection and Response Services with a 4.8/5 rating on Gartner Peer Insights
- Top performer in the 2022 MITRE Engenuity ATT&CK Evaluation for Managed Services
Elevate your cyber defenses with Sophos
As the G2 ratings illustrate, Sophos provides unparalleled breadth and depth of protection. Our world-leading endpoint, network, email, cloud, and security operations solutions defend over 550,000 organizations from advanced cyberthreats, including ransomware.
Whether you’re looking to upgrade your firewall, enhance your endpoint defenses, streamline and accelerate your threat investigations, or add 24/7 human-led threat detection and response, we can help.
Our solutions are tremendous on their own – and even better together. Customers running both Sophos Intercept X Endpoint and Sophos Firewall consistently report that they are able to double the efficiency of their IT/cybersecurity team and realize a reduction of up to 85% in the number of security incidents that require investigation. With Sophos you can build a long-term security strategy with confidence. Wherever you start, and whatever your goals, Sophos can help you enjoy superior cybersecurity outcomes.
For more information on our services and products, speak to your Sophos partner or representative and visit our website.
Source: Sophos
Sophos Intercept X has been named a Customers’ Choice in the 2023 Gartner® Peer Insights™ Voice of the Customer report for Endpoint Protection Platforms.
Sophos earned a 4.8/5.0 rating in the report based on 451 verified reviews – no other vendor had a higher rating. Additionally, Sophos was recognized as the only Customers’ Choice vendor in the Education segment, and is also the only vendor named a Customers’ Choice across all industry segments in the report.
Access the full report here.
This latest recognition makes Sophos the only vendor to be named a Customers’ Choice in Endpoint Protection Platforms, Managed Detection and Response (MDR) Services, Network Firewalls, and Mobile Threat Defense in 2023 – a testament to Sophos’ ability to deliver a comprehensive, end-to-end cybersecurity platform protecting all facets of an organization.
Here are some examples of what customers had to say:
Prevent Breaches, Ransomware and Data Loss with Sophos Endpoint
Sophos Intercept X Endpoint works for you and with you, adapting your defenses in response to an attack. As threats increase in volume, complexity and impact, Sophos delivers better security outcomes for real-world organizations. To learn more, visit our website or speak to your Sophos partner or representative today.
Source: Sophos
In today’s digital world where organizations conduct the majority of their daily business and operations online, concerns about data privacy loom large. Customers are becoming more skeptical of how companies use their data, and governments and regulatory bodies are increasingly stepping in to regulate data collection. Consequently, the data privacy landscape is rapidly evolving, with industry and geographical data protection standards increasingly coming to the fore.
While the United States has the National Institute of Standards and Technology (NIST) Guide to Protecting the Confidentiality of Personally Identifiable Information, the European Union relies on the General Data Protection Regulation (GDPR) to protect personally identifiable information (PII) and consumer privacy. More region-wise laws and regulations, such as the California Consumer Privacy Act of 2018 (CCPA) and the California Privacy Rights Act of 2020 (CPRA), are also coming into effect every year. There are industry regulations as well, like the Health Insurance Portability and Accountability Act (HIPAA) for the health sector and the Payment Card Industry Data Security Standard (PCI DSS) for the finance sector, that make the regulatory world more convoluted.
As businesses strive to successfully navigate this ever-evolving, complex data protection regulation landscape, this presents a unique opportunity for managed service providers (MSPs). By providing data compliance services for businesses, MSPs can offer better value for their customers and generate a new and future-proof revenue stream. However, given the complexity and breadth of the regulatory compliance market, it’s not an easy ask.
MSPs often struggle to provide profitable data compliance services to customers due to various reasons, such as the high costs involved in implementing data compliance services, complexity of the compliance solutions and lack of skilled professionals. While these challenges restrict many MSPs from entering the compliance market, the MSPs that already offer compliance services often do so by thinning their margins or even operating at a loss. That’s where the integration of Datto Workplace with Compliance Manager GRC can be a game changer.
Secure collaboration solution meets simplified compliance management
Purpose-built for MSPs, Datto Workplace is one of the most secure and efficient enterprise file sync and share (EFSS) platform available in the market today. The platform enables users to access their files and collaborate securely from anywhere, on any device. By integrating with Compliance Manager GRC — a compliance management software — Datto Workplace now offers easy-to-use and robust data compliance features that can help MSPs create a new revenue stream or expand the margins on their existing data compliance services.
Users often store sensitive data in working files to achieve their productivity goals. By identifying, tagging and summarizing those PII data, Datto Workplace’s PII scan and summary feature prevents that data from getting leaked and empowers the business (your client) to stay compliant. Powered by Compliance Manager GRC, this feature automatically scans files and folders for sensitive data and PII, like Social Security numbers (SSN), U.S. driving licenses, birth dates and Automated Clearing House (ACH) numbers. It then flags and tags the files containing PII to bring heightened security awareness and provides a detailed PII summary report.
Notably, this unique automated feature of the platform also helps you to reduce your technicians’ workloads by up to 50% and eliminates the need for compliance-specific skill sets. For instance, another way to identify PII data in files and folders is by using Microsoft 365’s innate feature. However, it’s a manual and cumbersome process that requires up to 51 custom search queries to be created and maintained, which should then be followed by manual search results tracking.
Offer data compliance services at a healthy margin
MSPs can get this feature at a predictable, low cost. Datto Workplace and Compliance Manager GRC have flat-fee subscription models with no hidden or surprise costs to shock you. You get an immediate return on investment with larger margins without any CAPEX investment.
Datto is the world’s largest vendor of proven, reliable and secure BCDR solutions for MSPs. Go the Datto way, offer cost-efficient data compliance services to your clients and take your MSP game to the next level.
Source: Datto
Sophos Email has everything you’ve come to expect from a world-class email security solution.
It leverages the most advanced threat intelligence, behavioral analysis, machine learning, and reputation analytics to keep malicious email from ever reaching your users’ inboxes.
But it doesn’t stop there: state of the art language processing, display name analysis, look-a-like domain checks, and post-delivery protection put a stop to benign-looking messages that later turn out to be malicious.
Add to that an entire suite of data loss prevention and encryption tools, Microsoft 365 integration, powerful message handling features, and shared threat intelligence with other Sophos products that enables you to identify previously unseen indicators of compromise and remove suspicious files across environments.
It’s a core pillar of our portfolio that extends visibility across Microsoft 365, cloud server workloads, endpoints, the network and more.
But we’re not slowing down one bit. In fact, we’ve recently accelerated Sophos Email development to include a host of new features and technologies.
On-demand clawback
Sophos Email post-delivery protection automatically removes messages containing attachments and URLs that are benign at the time of delivery but later become active and malicious.
With on-demand clawback, administrators can now manually remove any message from users’ inboxes with the click of a button in the Sophos Central admin console. No more wading through Microsoft Exchange or security consoles and having to run PowerShell scripts.
This feature is available to all customers running Microsoft 365 with post-delivery protection enabled. It’s a great tool for removing messages that might not be malicious but that may contain sensitive or confidential information.
The next evolution of our clawback capabilities will be our API and alerting into the Managed Detection and Response (MDR) Console, which is due out this quarter and will provide our MDR analysts with the ability to remove threats and stop active malicious email campaigns directly from their consoles.
Mail flow rules (MFR) tamper protection
Also for Microsoft 365 customers is our new mail flow rules tamper protection. Changes to mail flow rules can inadvertently break mail flow. This new feature alerts customers and provides one-click resolution, restoration, and correction to configurations and mail flow.
Google directory sync
Using Google Workspace instead? We’ve added directory synchronization features that make it a snap to keep your Workspace users and mailboxes up to date inside the Sophos Central console. No need for manual configuration or roundabout synchronization with Microsoft Azure first.
Admin access to end-user lists
And that’s not all. We’ve added a new and highly-requested feature: admin access to end user allow and block lists, complete with import, export, and the ability to search, add, and delete entries directly from within the Sophos Central console. This feature was one of the top customer and field requests over the last 18 months and will reduce support tickets while enhancing the experience for both admins and end users.
And there’s more!
I’m from South Louisiana, so we call this “lagniappe” (a little extra).
We’ve also added new smart banners for plain-text messages and messages that might be unscannable due to key-signing, password protection, or encryption. And coming in the Q3 timeframe, we’re adding the ability to control which languages and countries of origin are allowed to deliver email to inboxes.
And that’s just the beginning. Check out Sophos.com/Email for further enhancements or reach out to your Sophos rep with any questions.
Source: Sophos
Sophos, a global leader in innovating and delivering cybersecurity as a service, today announced it has been named a Customers’ Choice for Managed Detection and Response (MDR) in the inaugural Gartner® Voice of the Customer Peer Insights™ report. Sophos received an overall customer rating of 4.8/5, based on 261 reviews, as of May 31 2023, with verified customer reviews praising the service.
The report highlights that Sophos was one of the vendors to receive the highest “Willingness to Recommend” score at 97%, and was also named Customers’ Choice for MDR in the Midsize Enterprise segment, which Gartner ranges between $50 million to $1 billion.
“Regardless of their size and target market, organizations are in the cross-hairs of cyberattackers and need constant 24/7 monitoring, threat detection and response as part of their cybersecurity strategy. The overwhelmingly positive response in the new Gartner Peer Insights report is, in our opinion, indiciative of the trust our customers have in us and the quality of our human-led threat detection and response expertise,” said Rob Harrison, vice president of product management at Sophos. “Our customers’ response also demonstrates the value of our MDR service’s unique ability to integrate and manage existing multi-vendor security environments in a range of markets, including larger, mid-market enterprises.”
Select Sophos MDR customer quotes from the report include:
- “Having Sophos support their own endpoint, firewall, and email security products with their own staff’s MDR service has taken our confidence in their critical responses to a new level,” said an IT manager in the manufacturing industry
- “Stop working so hard. Let Sophos MDR do it,” said a director of IT in the software industry
- “Knowing we have a team watching our organization 24/7/365 gives comfort,” said a manager of cybersecurity and government, risk and compliance in the manufacturing industry
Sophos MDR is the most widely used MDR offering with more than 17,000 customers across all industries, and is the most reviewed MDR solution on other Gartner Peer Insights and G2 reports. It is the only MDR service that can be delivered across end users’ existing third-party security deployments as well as Sophos offerings. Sophos recently launched Sophos MDR for Microsoft Defender, a fully-managed offering that provides the industry’s most robust threat response capabilities for organizations using Microsoft Security. The solution adds a critical layer of 24/7 protection across the Microsoft Security suite of endpoint, SIEM, identity, cloud, and other solutions to safeguard against data breaches, ransomware and other active adversary cyberattacks.
Vendors placed in the upper-right quadrant meet or exceed both the market average Overall Experience and the market average User Interest and Adoption.
A complimentary copy of the Gartner Peer Insights Voice of the Customer: MDR Services report is available for additional information.
Source: Sophos
There are many different types of phishing scams, but email remains the most common of them all. Responding to a sender, clicking on a link, or downloading a file that may not be trustworthy can lead to data corruption, leaked confidential information, and infected devices or networks.
Read the tips below or scroll down to view the full infographic.
Here is how to avoid becoming a phishing victim:
1.INSPECT THE SENDER’S EMAIL ADDRESS
Phishing involves using email addresses that contain suspicious elements to target victims, even sometimes spoofing a well-known site or brand. Be on the lookout for changed or added words or characters, as well as misspelled words within a domain name.
2.EXAMINE THE MESSAGE’S GREETING AND TONE
Be wary of emails that utilize a generic greeting and an urgent tone. Phishing emails target many people at once and implore the recipient to take immediate action, usually without a personalized opening line.
3.LOOK FOR VERIFIABLE SENDER CONTACT INFORMATION
Avoid responding to emails that don’t contain any return contact information for the sender, such as a phone number, email address, or office location.
4.DON’T SEND SENSITIVE INFORMATION VIA EMAIL
Even if the email has an urgent tone, never divulge confidential information in reply to an email. Cyber criminals leverage social engineering techniques to obtain personal data like names, addresses, banking information, and more that can be used for fraudulent activity.
5.AVOID CLICKING ON UNEXPECTED LINKS
Don’t click on links that come from unfamiliar email senders or organizations. You may be redirected to a website or start a download that can compromise your data or infect your device.
6.AVOID OPENING UNTRUSTWORTHY EMAIL ATTACHMENTS
Avoid opening email attachments from untrustworthy senders or simply to satisfy your curiosity. Suspicious attachments can be carriers of malware and ransomware payloads that can corrupt your data and harm your device.
7.INSTALL A PHISHING FILTER FOR YOUR EMAIL CLIENT
Ensure that you have a phishing filter that works with your desktop email software of choice. You can also install one for use in your browser. While it won’t keep out all phishing messages, it will greatly reduce the number of attempts that show up in your inbox.
95% of data breaches are due to human error.
Source: Fortra
Sophos has released The State of Ransomware in Education 2023, an insightful report based on a survey of 400 IT/cybersecurity professionals across 14 countries working in education. The findings reveal the real-world ransomware experiences of the sector.
Rate of attack and data encryption
The education sector reported the highest rates of ransomware attacks of all the industries surveyed. 80% of lower education providers and 79% of higher education providers reported that they were hit by ransomware in the 2023 survey, up from 56% and 64%, respectively, in our 2022 survey. The 2023 rates of attack are more than double than reported in our 2021 survey, when 44% of education providers experienced a ransomware attack.
Data encryption in the education sector has continued to rise: the rate in lower education has gone up from 72% to 81% year over year. Higher education reported a 73% rate of data encryption, similar to the 74% reported the year before.
18% of attacks in lower education were stopped before the data was encrypted, down from 22% the year prior. Encouragingly, higher education reported an increase in the rate of attacks stopped before data encryption, up from 22% in the 2022 report to 25% in the 2023 report.
Of the lower education organizations that had data encrypted, 27% said their data was also stolen. This figure reached 35% in higher education, suggesting that this “double dip” method (data encryption and data exfiltration) is becoming commonplace.
Root causes of attacks
Compromised credentials (36%) and exploited vulnerabilities (29%) were the top two most common root causes of the most significant ransomware attacks in lower education. Emails (malicious emails or phishing) were the starting points for nearly one-third of the attacks (30%), suggesting that the sector is highly exposed to email-based threats.
In higher education, exploited vulnerabilities (40%) were the most common root cause of ransomware attacks, followed by compromised credentials at 37%. Together, they account for over three-quarters of ransomware attacks (77%) in higher education. Email-based attacks (malicious email or phishing) are a less common root cause but still drive almost one in five ransomware incidents (19%).
Data recovery and the propensity to pay the ransom
All higher education and 99% of lower education organizations got their encrypted data back, higher than the 97% cross-sector average.
73% in lower education used backups for data recovery, while almost half (47%) paid the ransom. Higher education was among the bottom three sectors globally for backup use, with only two-thirds (63%) reporting the use of backups for data recovery. The sector also reported one of the highest rates of ransom payments for data recovery at 56%.
While the cross-sector recovery costs increased year over year, in lower education, they have remained level ($1.59M in the 2023 report vs. $1.58M the in 2022 report). In higher education, recovery costs have dropped considerably from the $1.42M reported in the 2022 survey to just over $1 million in the 2023 survey, suggesting that as ransomware rates increase, higher education organizations are getting better at recovering from attacks and are able to do so at a lower cost.
Read the full report here.
Mitigating the ransomware risk
Sophos recommends the following best practices to help defend against ransomware and other cyberattacks:
- Strengthen defensive shields, including:
- Security tools that defend against the most common attack vectors, including endpoint protection with strong anti-exploit capabilities to prevent exploitation of vulnerabilities, and Zero Trust Network Access (ZTNA) to thwart the abuse of compromised credentials
- Adaptive technologies that respond automatically to attacks, disrupting adversaries and buying defenders time to respond
- 24/7 threat detection, investigation and response, whether delivered in-house or by a specialist Managed Detection and Response (MDR) provider
- Optimize attack preparation, including making regular backups, practicing recovering data from backups and maintaining an up-to-date incident response plan
- Maintain good security hygiene, including timely patching and regularly reviewing security tool configurations
About the survey
Data for the State of Ransomware 2023 report comes from a vendor-agnostic survey of 3,000 cybersecurity/IT leaders conducted between January and March 2023, including 400 in the education sector: 200 from lower education (up to 18 years) and 200 from higher education (above 18 years) and including both public and private sector education providers. Respondents were based in 14 countries across the Americas, EMEA, and Asia Pacific. Organizations surveyed had between 100 and 5,000 employees, and revenue ranged from less than $10 million to more than $5 billion.
Source: Sophos