News
Sophos Firewall has been rated the #1 firewall solution by G2 users in their spring 2023 Reports. G2 distinctions and rankings are based on independent, verified customer reviews on G2.com, the world’s largest software marketplace and peer-review platform.
Sophos Firewall has been rated 4.6 out of 5 stars by IT professionals, topping the charts:
Here’s a small sampling of review headlines:
“Easy to use, highly functional, powerful firewall – great value”
“Network Security Made Simple with Sophos Firewall”
“Sophos: Firewall With Cutting edge Highlights And Functionalities”
“Leading AV and Firewall Protection Hands Down”
Check out the full reviews on G2.com and how Sophos was named a leader in several other categories including Endpoint, EDR, XDR and MDR.
These reviews are a great endorsement of our commitment to helping solve today’s top problems with securing modern networks. We do this by delivering a uniquely differentiated next-gen firewall that is extremely easy to deploy and use, offers the best value in the industry, and works alongside a complete portfolio of complementary network security products – all managed from a single cloud console, Sophos Central.
Sophos Firewall and our Network Security portfolio have received a number of impressive and innovative updates in recent months that customers are raving about, including:
- New high-performance XGS 7500 and 8500 Models, setting a new benchmark in price-per-protected Mbps
- New 5G cellular connectivity modules for our XGS desktop appliance models with expansion bays
- New firmware releases for Sophos Firewall that bring added performance, full-featured SD-WAN capabilities, VPN optimizations, quality of life improvements, and much more
- ZTNA v2, which delivers ZTNA-as-a-service with cloud gateways and macOS support that makes connecting remote workers to networked applications easier and more secure than ever
Check out Sophos Firewall and our full ecosystem of Secure Access Products at Sophos.com/Firewall.
Source: Sophos
In the age of robots and artificial intelligence comes another player in the AI market: ChatGPT (Generative Pre-trained Transformer). Since its release, cyber security professionals have unlocked various opportunities with its features. Namely, it can answer prompts, write code on demand, detect phishing emails, and crack passwords.
In a nutshell, ChatGPT can be an invaluable tool for security leaders. But who’s to say it can’t be used by cyber criminals for the other side of the same coin?
What is ChatGPT, and Why is it Important?
Launched by OpenAI in late 2022, ChatGPT aims to answer prompts by drawing on massive amounts of data pooled from the internet. Its cyber security application lies in its ability to write code in different programming languages and to debug code.
ChatGPT has grown in popularity, having recently launched ChatGPT Plus at $20/month. This pilot subscription plan is only available to users in the United States at the time of writing. The creators have initially launched ChatGPT in the U.S. under a research preview to hopefully gain insight into the tool’s strengths and limitations and improve it for widescale use.
While OpenAI says it has received millions of pieces of feedback and is in the process of making updates accordingly, cyber security experts are already able to identify its implications for the industry—both good and bad.
With that, ChatGPT is setting the course to revolutionize how AI is utilized to further cyber security objectives and minimize threats. Although it still needs further research, it’s a promising tool for cyber security professionals.
The Pros and Cons of Using ChatGPT in Cyber Security
ChatGPT has a massive impact on the cyber security industry. This effect can be either good or bad, depending on how the technology is used and who uses it. While AI can be invaluable in detecting and stopping cyber attacks, there are also associated risks that cannot be ignored.
The Benefits of ChatGPT for Cyber Security Leaders
ChatGPT’s features are proving to be highly valuable for cyber security leaders, from improving their knowledge to helping them generate complicated code on demand.
Generating Code
ChatGPT makes it easier for cyber security professionals to generate code in any language, whether or not they have prior knowledge or experience. This makes it a very innovative platform that can advance a person’s understanding of cyber security, allowing them to ask the AI follow-up questions or to have complicated topics simplified.
Better Decision-Making
Automation can help security professionals process and analyze large amounts of data in real time. This helps in improving decision-making abilities and enabling organizations to use their data more efficiently to make more informed business decisions.
The Cons of ChatGPT
…or the benefits of ChatGPT for cyber criminals.
Generating Malware Code
One of the biggest risks is ChatGPT being used to write malware code. While the company behind it has set up parameters to prevent this, many developers have put the security measures to the test. ChatGPT can detect and reject requests to write malware code.
However, cyber criminals can easily get around it by providing a detailed explanation of the steps to write the code instead of a direct prompt. ChatGPT will fail to identify this as a request to write malware and will effectively generate it.
Just by using different wordings and slight variations that do not pertain to malware, multiple scripts for complicated attack processes can be automated with ChatGPT. In effect, ChatGPT makes it easier for inexperienced attackers to keep up with the sophistication of cyber security measures.
Once its security parameters are bypassed in this way, the AI can generate malware code that is then used to launch cyber attacks.
Creating Phishing Emails
Cyber criminals can also leverage ChatGPT to create phishing emails. They can ask it to generate a phishing prompt, although indirectly, to bypass the security measures and retrieve malicious code that can download reverse shells. These can potentially connect to a computer, allowing the attacker to access it and its files remotely.
Password Cracking
ChatGPT’s capacity to generate password candidates with speed and accuracy makes it easier to identify passwords. If users don’t take the necessary precautions and protect their accounts from unauthorized access, ChatGPT can make it highly likely that attackers identify their passwords and retrieve important data.
BEC
With ChatGPT, BEC detection can get more complicated. ChatGPT can potentially be used to generate new and unique content for every BEC attack, effectively bypassing detection tools. In the same way that ChatGPT makes writing phishing emails easier and faster, this technology may be used by attackers to carry out their agendas.
Is ChatGPT After Cyber Security Jobs?
There’s no doubt that ChatGPT can cut so much workload for cyber security professionals. But as of the moment, nothing can compare to human work—the latter is still more accurate and reliable than this AI technology.
More development is needed to improve the value and effectiveness of ChatGPT and similar technologies, especially in promoting cyber security.
Overall, however, ChatGPT can definitely find its positive footing in the industry. But in the wrong hands, it can also be used to carry out successful cyber attacks. Being that ChatGPT is still in its beta phase, we should expect better security parameters to prevent it from being used to negate cyber security efforts.
There have been quite a few controversies and bans involving ChatGPT since its release, some of which point to its negative cyber security implications. But OpenAI is adamant in saying its goal is to refine and expand its current ChatGPT offer based on user feedback and needs.
Source: Terranova
G2 just released their Spring 2023 Reports, and Sophos is the only cybersecurity provider named a Leader across the G2 Grid® Reports for Endpoint Protection Suites, Endpoint Detection and Response (EDR), Extended Detection and Response (XDR), Firewall Software and Managed Detection and Response (MDR). Additionally, G2 users also rated Sophos the #1 overall XDR and Firewall solution.
Independent Sophos Customer Validation
G2 distinctions and rankings are based on independent, verified customer reviews on G2.com, the world’s largest software marketplace and peer-review platform. In G2’s Spring 2023 Reports, Sophos was named an Overall Leader in five categories, as well as a Leader in 11 individual market segment Grids:
- Endpoint Protection Suites: Overall, Enterprise, Mid-Market, and Small Business Grids
- EDR: Overall, Enterprise, Mid-Market, and Small Business Grids
- XDR: Overall, Enterprise, and Mid-Market Grids
- Firewall: Overall, Mid-Market, and Small Business Grids
- MDR: Overall and Mid-Market Grids
We are honored that our services and products have been recognized by our customers and thank them for putting their trust in us.
Delivering Defense in Depth for Today’s Businesses
As adversaries have become more sophisticated and elusive, defenders should implement a defense-in-depth strategy that includes protection, detection, and response at every point along the attack chain to cover their entire environment. This layered approach should be inclusive of endpoint, network, email, and cloud security, as well as threat hunting and remediation services by security experts.
The fact that IT and security professionals recognize Sophos as the Leader across these key categories is validation that Sophos delivers the best and most comprehensive set of products and services required for modern day cybersecurity.
Uniquely, all Sophos customers are protected by Sophos X-Ops, a joint task force that brings together deep expertise across the attack environment from frontline threat hunters and incident responders to deep malware and AI specialists. Together they provide unparalleled insights into how threats are built, delivered, and operate in real time. Armed with this deep understanding, Sophos is able to build innovative, powerful, and effective defenses against even the most advanced threats.
Additional Sophos Customer and Analyst Validation
Alongside our G2 recognition, Sophos solutions are widely recognized by customers and the analyst community, including:
Sophos Endpoint
- Named a Leader in the 2022 Gartner® Magic Quadrant™ for Endpoint Protection Platforms for the 13th consecutive time
- Named a 2021 Gartner® Customers’ Choice™ for Endpoint Protection Platforms with a 4.8/5 customer rating on Gartner Peer Insights
Sophos Extended Detection and Response (XDR)
- Recognized as the #1 overall leader in the Omdia Universe for Comprehensive Extended Detection and Response (XDR)
Sophos Firewall
- Named a 2022 Gartner® Customers’ Choice™ for Network Firewalls with a 4.7/5 rating on Gartner Peer Insights
- Recognized as a Strong Performer on the Forrester Wave
Sophos Managed Detection and Response (MDR)
- Top rated and most reviewed vendor on Gartner® Peer Insights™ for Managed Detection and Response Services
- Top performer in the 2022 MITRE Engenuity ATT&CK Evaluation for Managed Services
Elevate your Cyber Defenses with Sophos
As the G2 ratings illustrate, Sophos provides unparalleled breadth and depth of protection. Our world-leading endpoint, network, email, cloud, and security operations solutions defend over 550,000 organizations from advanced cyberthreats, including ransomware.
Whether you’re looking to upgrade your firewall, enhance your endpoint defenses, streamline and accelerate your threat investigations, or add 24/7 human-led threat detection and response, we can help.
Our solutions are tremendous on their own – and even better together. Customers running both Sophos Intercept X Endpoint and Sophos Firewall consistently report that they are able to double the efficiency of their IT/cybersecurity team and realize a reduction of up to 85% in the number of security incidents that require investigation. With Sophos you can build a long-term security strategy with confidence. Wherever you start, and whatever your goals, Sophos can help you enjoy superior cybersecurity outcomes.
For more information on our services and products, speak to your Sophos partner or representative and visit our website.
Source: Sophos
Retail organizations routinely encounter a wide range of cyberattacks such as phishing, credential stuffing, ransomware, and supply chain attacks.
Many of these attacks are aimed at exfiltrating customers’ personal and financial information. In addition, attacks on point-of-sale (POS) systems are becoming popular. If attackers can gain entry into more critical systems like inventory and billing, it can cause operational disruptions.
Thanks to increased digitization and IoT integration, retailers’ potential attack surfaces have expanded as well. As such, the cybersecurity challenges for retailers continue to grow in volume and complexity.
In fact, 77% of retail organizations were hit by ransomware in 2021 – a massive 75% increase from 2020. More than half of retail organizations reported an increase in attack volume, complexity, and impact of cyberattacks on their organizations over the previous year. Read the full report here.
Retail’s evolving threat landscape
The growing professionalism of criminal groups and their evolving tactics, techniques, and procedures are significant drivers behind the complex retail threat landscape today. A few other factors are adding to the cybersecurity challenge in this sector as well:
- Phishing attacks trick customers and employees into giving attackers easy access to systems and payment data
- Attacks on unpatched POS systems hack transactional data and give unauthorized access to valuable information like credit card PINs
- Retail organizations rely on a vast network of third-party suppliers to keep their businesses and stocks moving, which adds complexity
- Retailers need to secure multiple devices, platforms, and customer-facing web and mobile apps to ensure positive customer experiences and operational efficiencies across distributed sites
- Business email compromise (BEC) scams are becoming commonplace in retail, where key executives are lured into divulging sensitive company information
- Retailers need to ensure compliance with regulations and standards such as PCI DSS, GDPR, HIPAA, and SOC2 due to the vast private and sensitive data they hold
- Cybercriminals are targeting the cloud to exploit less established cybersecurity practices than in traditional on-premises environments
Sophos can help
Download our Cybersecurity Guide for Retail to learn how Sophos can help address the most common cybersecurity challenges facing the retail sector.
Sophos MDR is our fully-managed, 24/7 service delivered by experts who specialize in detecting and responding to sophisticated cyberattacks that technology solutions alone cannot prevent. As the world’s most trusted MDR provider and with hundreds of retail customers, we have unparalleled depth and breadth of expertise when it comes to threats facing the retail sector. Sophos MDR applies learnings from defending one retail organization to all others in the sector, generating “community immunity” and elevating everyone’s defenses.
“Because Sophos MDR is there, we can prop up and mature other areas of the organization like vulnerability management, patching, and security awareness.”
– The Fresh Market, U.S.
“We appreciate that Sophos keeps on top of the latest activity and threats, so we can focus on delivering a secure, world-class service for customers and artists.”
– CD Baby, U.S.
Sophos ZTNA eliminates vulnerable VPN clients, enabling you to offer secure and seamless access to resources for your remote users. It removes implicit trust in your environment’s applications, users, and devices by providing policy-based, segmented access to your systems and resources to only those who need it.
Sophos Secure Access Portfolio enables retail organizations to connect remote and branch sites, deliver critical cloud and SaaS applications, and share data and information between sites.
It includes:
- Sophos ZTNA to support secure access to applications
- Sophos SD-RED remote Ethernet devices to safely extend your network to branch locations
- Sophos Wireless access points for easy and secure wireless networking
- Sophos Switch for secure access on the LAN
Everything is managed through a single cloud-based security platform, Sophos Central.
Speak with an expert
To learn more and discuss how Sophos can help you, contact your Sophos representative or request a call-back from our security specialists.
Source: Sophos
Over the last few weeks, there’s been a lot of coverage of OpenAI’s release of ChatGPT. The technology is piquing the interest of many for the innovative possibilities it brings to all sorts of communications, from answering questions to providing learning resources to troubleshooting tech issues. Unfortunately, many in the cybersecurity industry are concerned malicious actors will use this new tool for nefarious purposes, launching clever new ways to ensnare potential cybercrime victims.
Two Concerning ChatGPT Use Cases
One of these use cases is the ability for foreign threat actors to create legitimate-looking emails with proper grammar and spelling in languages they don’t speak. This makes phishing emails more challenging for recipients to identify since poorly-written messages are common clues that something is amiss.
Another dangerous ChatGPT scenario involves the creation of polymorphic malware. This is where the original malicious code mutates using techniques such as obfuscation and encryption but retains its functionality. This makes the malware more difficult to detect using traditional security controls.
How Did We Get Here?
The purpose of considering the cyberattack scenarios possible with ChatGPT is not to instill fear—there is already enough of that happening online. Rather, it’s important to take a step back and look at the history of the threat landscape and how it’s evolved to understand the current situation. Since the early days of computing and the internet, threat actors have always excelled at taking advantage of innovative technologies to develop new techniques for infiltrating networks and systems. This prompts the industry to innovate further by enhancing the available detection technologies or developing new detection techniques. It’s a constant game of cat and mouse.
Phishing and polymorphic malware have been around since the 1990s and have evolved over the past two decades. In that time, detection capabilities have changed alongside them to continuously get faster and more accurate. Some of these technologies include capabilities like heuristics, sandboxing, dynamic reputational scoring, and behavior analysis. Today, these are table stakes, but they were once groundbreaking new techniques created to address the emerging risks of their day.
How to Address the Challenges of ChatGPT
ChatGPT is expected to be the latest technique for threat actors, and vendors will continue to evolve their detection engines as well. Organizations should continue with their in-depth defense strategies and reliance on user awareness training programs, maintain a disciplined patch management program, and ensure they regularly test their defenses to uncover blind spots to harden those vectors.
Source: Fortra
In celebration of World Backup Day, we’re highlighting the best of backup with our partners who’ve done an outstanding job for their clients. These MSPs are a model for how to prepare your clients with the best backup and recovery strategies before an incident occurs.
These partners really stand out for their work in protecting their clients from downtime and data loss.
Most forward-thinking MSP: Ceeva
As SMBs transition to the cloud, they’re relying on the MSPs to ensure that their business continuity and disaster recovery (BCDR) coverage remains firmly in place. “Our customers tell us that minimizing downtime is the most important thing,” says Rick Topping, Vice President of Operations and Technology for Ceeva. “However, there are challenges for MSPs with the native Azure Backup system that Microsoft provides. The costs are not predictable and it doesn’t integrate with our existing systems, which makes it hard to know if you have a functioning backup.”
“Datto Continuity for Microsoft Azure is an ideal solution for Ceeva and our end customers,” says Topping. “We rely on Datto SIRIS for on-premises BCDR. When Datto launched DCMA we knew we’d be able to provide the same high performance that our customers expect.”
As SMBs continue gravitating toward the public cloud, Ceeva has the confidence that comes with a Datto solution made for the needs of MSPs. “Datto Continuity for Microsoft Azure gives us the reliability and trust we require for BCDR,” Topping concludes.
Best performance in a high-stakes situation: CMIT
“We got a call from the client at 9 am on a Saturday, letting us know they had been affected by ransomware,” said Linda Kuppersmith, the owner of CMIT Solutions Stamford & Hartford. “We were only responsible for backup and disaster for this particular client, so we did not get any ransomware alert.”
“We shortly discovered the backup was infected, that a backup failed at 4:20 am that Saturday,” Linda explained. “We further discovered 9/10 servers and 30/100 workstations were hit with ransomware.” The whole incident was catastrophic for the client, freezing every transaction across the property, from restaurant services to checkout. Worse, it happened at one of the busiest times of the year.
The client “was skeptical that recovery could be achieved without paying the considerable ransom since anything more than 2 days would be catastrophic for the business. We stated we were confident it would take nowhere near that time to virtualize good snapshots of the affected servers,” said Linda. “The main database virtualized at 12:10 pm and finished virtualizing at 11:00 pm for a 1 TB Oracle database service.”
“We were able to get them virtualized and have the VPN connection from the cloud to the local LAN,” Linda continued. “Their systems were up and mostly operational just 10 hours later, with the resort being fully operational 13 hours after the backup failed.”
Achievement for going above and beyond: Total Communications
“When you start talking about backups, and then expand that into business continuity, they often say, ‘Wow! We haven’t really thought about this – how will we outfit our people when disaster strikes?’” says Scott Lennon, CEO of Total Communications. “Helping customers prepare is a major part of our offering.”
“Our goal is to be the right-fit technology partner by working with each client’s needs,” says Shawn Silver, COO of Total Communications. “We work to understand what they currently have for infrastructure and business continuity, then develop a plan that works within their budget. The goal is to be a whole-service client consultant.”
“We have a big footprint with Datto appliances – we’re currently overseeing more than 100 devices,” says Andrew Shmer, Computer Services Engineer for Total Communications. “SIRIS provides multiple recovery options in physical and virtual environments, for small and medium-sized businesses. Using SIRIS we can bring an organization back up and running within minutes when there’s an outage. Our customers are truly amazed by what SIRIS can do in those situations.”
Source: Datto
With the introduction of 5G to metropolises, public transportation companies, like Cyprus Public Transport, are aiming to modernize their transportation systems to support daily commuters. Other than enhancing the onboard experience, 5G technologies can better the monitoring and management of bus fleets.
Beginning operations not too long ago, Cyprus Public Transport now has a fleet of over 200 buses to serve everyday travels of Cypriots. In the start of 2022, they set in motion their plans to provide upgraded services, including Wi-Fi connectivity via 5G, for their buses.
The Challenge
The main objective of Cyprus Public Transport’s plan was to provide fast mobile internet service for buses and bus stations. They knew this would be difficult to implement due to their large fleet. The network would require a centralized management system for the transportation company to easily manage all devices.
Additionally, Cyprus Public Transport wanted to use this network to generate a marketing platform to increase customer engagement. On top of ensuring reliable connectivity, they needed to design a network that can support this idea.
“It is evident that the transport industry has entered a new era of progress with major advancements happening at a fast pace. The rollout of 5G in Cyprus Public Transport has the dynamics to accelerate these very beneficial changes, lending today’s transport solutions more viable than ever.”
George Kouimintzis, Commercial Director of NSS
The Solution
Cyprus Public Transport worked closely with COMIT Solutions and NSS Corp. to bring their plans to fruition, especially as this is an early adaptation of 5G technologies in Cyprus. For their fleet of over 200 buses, they deployed MAX Transit 5G routers to each vehicle. The MAX Transit 5G enables onboard Wi-Fi connectivity through its 5G connection.
The MAX Transit 5G also comes with a customizable captive portal and supports external captive portals. InControl, Peplink’s cloud-based management platform was used to configure the 240 devices in buses.
“It has been over a year since we have implemented a full fleet 5G project in Cyprus with great success. We are very happy with Peplink and their integration partner in Cyprus, COMIT Solution. They have assisted us every step of the way, from installation to rollout and ongoing support; their professionalism is reflected in the result.
The full fleet of the two cities Nicosia and Larnaca are in full use with a healthy consumption of data and going strong. It is notable to say this is the first implementation of a full fleet project in Europe. We are glad to be one of the first to bring fast Internet to public transportation making it more convenient for passengers. They now can work, enjoy music or video at very fast speeds on their commute to work.”
Andreas Demetriades, IT Manager, CPT
The Result
With the MAX Transit 5G in each bus, its simultaneous dual-band Wi-Fi reduces Wi-Fi congestion and interference, delivering reliable and uninterrupted internet to all passengers. The support for custom and external captive portals enables Cyprus Public Transport to connect to an advertising server and generate insightful reports on user demographics.
Pairing the MAX Transit 5G’s GPS capabilities with InControl makes fleet management possible, helping Cyprus Public Transport improve vehicle efficiencies. InControl itself eases deployment and management of devices across all buses for the transport company.
“I use the bus daily to commute to work, the wifi service is really great, seems faster than my internet at home!”
“I feel more safe and secure using public transport knowing that I am always connected.”
“Knowing that our transport network works more efficiently, meaning better scheduling with less emissions, I feel great relief for the steps taken for the protection of the environment. I am proud to be part of it!”
Passengers of Cyprus Public Transport
Source: Peplink
Your Firewall is the heart of your network helping secure it from risks and threats. And while it’s a security product, and a critically important one, it also needs to be secured. This article outlines some of the best practices for hardening your Sophos Firewall.
1. Update The Firmware with Every Release
If you only take away one thing from this article, it’s this. And this recommendation doesn’t just apply to your firewall, but all of your networking infrastructure. Most Sophos Firewall OS firmware updates include important security fixes. The best way to harden your firewall is to ensure it’s running the latest firmware. For Sophos Firewall, we just released v19.5 MR1 which includes a number of great new features, a significant performance boost, and several fixes. You can always find the latest firmware release for your firewall simply by navigating to Backup and Firmware > Firmware (as shown below).
2. Enable Hotfixes
Occasionally, patches for vulnerabilities and other security fixes are released between regular firmware updates. These are applied to your firewall automatically as hotfixes, so it’s vitally important that this feature be enabled on your firewall. While it’s enabled by default, some customers have disabled it. If you are one of those, it’s highly recommended you go back and turn this feature on. The setting is found by navigating to Backup and Firmware > Firmware – check that “Allow automatic installation of hotfixes” is enabled (as highlighted at the bottom of the screen shot above).
3. Limit Access to Firewall Services
Your Firewall offers a number of ways to limit access to services that are not required to reduce your exposure on the WAN. You should periodically check the device access settings and ensure that all unnecessary services are disabled (unchecked) on the WAN (see screen shot below). In particular, it’s strongly recommended that you disable remote admin via HTTPS and SSH, as well as the Captive Portal and User Portal on the WAN. Use Sophos Central, VPN or ZTNA to manage your firewall remotely. See the product documentation for instructions on how to manage device access.
4. Utilize Multi-Factor Authentication and Role-Based Administration
Enable multi-factor authentication (MFA) or one-time-passwords (OTP) and enforce strong passwords to protect your firewall from unauthorized access from stolen credentials or brute force hacking attempts. Sophos Firewall supports a rich set of MFA authentication options including new Azure AD single-sign-on authentication for webadmin access which can be super convenient (video / documentation).
You should also consider taking advantage of Sophos Firewall’s granular role-based administration profiles to limit access for administrators of the firewall. Provide read-only access to administrators that don’t absolutely need control over various firewall functions.
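The four hardening items above are all settings you can check rather than just read about. The script below is an added example (not Sophos code and not the Sophos Firewall configuration schema or API) that audits a configuration snapshot against them: current firmware, automatic hotfixes on, no admin/SSH/portal services exposed on the WAN, MFA on every administrator, and as few full-Administrator profiles as possible. The `Snapshot` layout, the service names, the profile labels and the `EXPECTED_FIRMWARE` placeholder are all constructed for the example; map your own firewall export into that shape before relying on the checks.

```python
"""Audit a firewall configuration snapshot against the four hardening items above.

The snapshot shape below is constructed for this example; it is NOT the
Sophos Firewall configuration schema or API. Map your own export into it.
"""
from dataclasses import dataclass, field

# Services that should not be reachable from the WAN zone (item 3 above).
WAN_RISKY_SERVICES = {"https_admin", "ssh", "captive_portal", "user_portal"}

# Placeholder for the release you consider current (item 1); replace it with
# the actual latest firmware string when you run this for real.
EXPECTED_FIRMWARE = "PLACEHOLDER-LATEST"


@dataclass
class AdminAccount:
    name: str
    profile: str          # constructed labels: "Administrator" or "ReadOnly"
    mfa_enabled: bool     # MFA/OTP enforced for this account (item 4)


@dataclass
class Snapshot:
    firmware: str
    auto_hotfix: bool                        # "Allow automatic installation of hotfixes"
    wan_services: set = field(default_factory=set)   # services enabled on WAN
    admins: list = field(default_factory=list)       # AdminAccount entries


def audit(snap: Snapshot, expected_firmware: str = EXPECTED_FIRMWARE) -> list:
    """Return (severity, message) findings; an empty list means every check passed."""
    findings = []
    if snap.firmware != expected_firmware:
        findings.append(("high", f"firmware {snap.firmware} is not the expected release {expected_firmware}"))
    if not snap.auto_hotfix:
        findings.append(("high", "automatic installation of hotfixes is disabled"))
    for svc in sorted(snap.wan_services & WAN_RISKY_SERVICES):
        findings.append(("high", f"service '{svc}' is reachable from the WAN zone"))
    for acct in snap.admins:
        if not acct.mfa_enabled:
            findings.append(("medium", f"admin '{acct.name}' has no MFA/OTP enforced"))
    full_admins = [a.name for a in snap.admins if a.profile == "Administrator"]
    if len(full_admins) > 1:
        findings.append(("low", f"{len(full_admins)} accounts hold the full Administrator profile "
                                f"({', '.join(full_admins)}); consider read-only profiles"))
    return findings


# Constructed sample snapshots: one weak, one hardened.
WEAK = Snapshot(
    firmware="OLDER-RELEASE",
    auto_hotfix=False,
    wan_services={"https_admin", "ssh", "ping", "user_portal"},
    admins=[AdminAccount("admin", "Administrator", False),
            AdminAccount("helpdesk", "Administrator", True)],
)

HARDENED = Snapshot(
    firmware=EXPECTED_FIRMWARE,
    auto_hotfix=True,
    wan_services={"ping"},
    admins=[AdminAccount("admin", "Administrator", True),
            AdminAccount("helpdesk", "ReadOnly", True)],
)

if __name__ == "__main__":
    for label, snap in (("weak", WEAK), ("hardened", HARDENED)):
        print(f"== {label} ==")
        for sev, msg in audit(snap) or [("info", "no findings")]:
            print(f"[{sev}] {msg}")
```

Run it as-is to see the weak snapshot produce seven findings and the hardened one none; in practice you would populate `Snapshot` from an exported configuration and run the audit after every firmware update or admin change, so a re-enabled WAN service or a disabled hotfix setting is caught before an attacker notices it.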
5. Additional Best Practices for Securing Your Network from Ransomware
While you’re looking at ways to better secure your network, I suggest you take a look at our recommended best-practices for securing your broader network from the latest ransomware and other advanced threats. If you’re a Sophos Firewall customer, you’re already well on your way to better protecting your network, but there may be other Sophos solutions you’re overlooking that can further help secure your organization.
Download the Guide to get the full set of best practices.
Source: Sophos
The cybersecurity challenges in the education sector continue to rise in volume and complexity. Educational institutions are a prime target for attack due to the vast amount of sensitive data they hold, from personal information on staff and students to valuable research data. Recently, the sector’s attack surface has increased, driven in-part by the growth in e-learning, accelerated use of collaborative apps, increased remote access, and the sheer number of devices and the diversity of operating systems on the network.
Illustrating the scale of the challenge, the frequency of ransomware attacks in education has increased considerably in recent years with 56% of lower education and 64% of higher education organizations reporting being hit by ransomware in 2021, up from 44% in 2020*. More broadly, almost half of education organizations reported an increase in the volume, complexity, and impact of cyberattacks on their organizations over the previous year. Read the full report here.
The education sector faces unique challenges
Evolving attacker tactics, techniques, and procedures (TTPs) and the growing professionalism of the cybercrime industry are significant drivers behind today’s complex threat landscape. A number of additional factors further compound the cybersecurity challenge facing the education sector:
- Students and staff need 24/7 access to online portals via a multitude of devices
- School districts and universities need to enable the secure exchange of personal data, digital teaching content, financial transactions, and more across different departments and sites
- The number of private and school-issued devices accessing the network continues to grow, as does the number of educational technologies and apps
- Encryption protocols used in collaboration and data sharing tools create blind spots for protection technologies, allowing cybercriminals to carry out malicious activities undetected, such as cloaking data exfiltration operations and hiding command-and-control traffic
- Schools need to ensure compliance with regulations and maintain student safety while using the internet
- Cybercriminals are actively attempting to exploit the use of cloud-based technologies as cybersecurity practices are less established than in traditional on-premises environments
Sophos can help
Download our Cybersecurity Guide for Educational Institutions whitepaper to learn how Sophos can help address the most common cybersecurity challenges facing the education sector.
Sophos MDR is our fully-managed, 24/7 service delivered by experts who specialize in detecting and responding to sophisticated cyberattacks that technology solutions alone cannot prevent. As the world’s most trusted MDR provider and with many hundreds of education sector customers, we have unparalleled depth and breadth of expertise when it comes to threats facing the education sector. Sophos MDR applies learnings from defending one education organization to all others in the sector, generating “community immunity” and elevating everyone’s defenses.
“The pen testers were shocked they couldn’t find a way in. That was the point we knew we could absolutely trust the Sophos service.”
University of South Queensland
“Since implementing Sophos, we’ve managed to free up significant operational hours that have allowed our teams to focus on initiatives that have increased our student satisfaction.”
London South Bank University
“The Sophos team acts as our goalkeepers, sitting behind us with their skill sets and giving us reassurance that they have our back.”
Inspire Education Group
Sophos ZTNA eliminates vulnerable VPN clients, enabling you to offer your remote users secure, seamless, policy-defined access to resources. It removes implicit trust in your environment’s applications, users, and devices, allowing segmented access to your systems and resources for just those who need it.
Sophos Secure Access Portfolio enables educational institutions to connect remote and branch sites, deliver critical cloud and SaaS applications such as Dropbox Education, G Suite, ClassDojo, etc., and share data and information between sites. It includes:
- Sophos ZTNA to support secure access to applications
- Sophos SD-RED remote Ethernet devices to safely extend your network to branch locations and remote devices
- Sophos Wireless access points for easy and secure wireless networking
- Sophos Switch for secure access on the LAN
Plus, to simplify management, everything is managed through a single cloud-based security platform, Sophos Central.
Speak with an expert
To learn more and discuss how Sophos can help you, contact your Sophos representative or request a call-back from our security specialists.
Source: Sophos
The traditional defenses against cybercriminals are no longer enough. Small and medium-sized businesses (SMBs) that are successfully exploited by attacks like ransomware can get hit hard. Here are some sobering cybersecurity statistics:
- 300% – the increase in reported cybercrimes since the arrival of Covid-19
- 92.7% – 2021 YoY increase in ransomware attacks
- 59% – the percentage of managed service providers (MSPs) who said that remote work has led to increased ransomware attacks
Even more troubling for MSPs: Their customers are right in the crosshairs of attackers who see SMBs as soft targets. More than 80% of ransomware victims were small businesses in Q4 2021. The impact of an attack can be dire, with 60% of small businesses experiencing a cyberattack subsequently going out of business.
Time is money for attacked organizations, who enter a race against the clock to eradicate the threat and return to normal operations. The average business interruption for SMBs is 20 days following a ransomware attack, at an average cost of $8,000 per hour of downtime until it’s fixed.
EDR: Safeguarding endpoints
These metrics are creating a sense of urgency for SMBs. They are looking to their managed service providers (MSPs) to help protect their endpoints, which now sprawl wider than ever because of the workforce’s growing use of BYOD (bring your own device) and mobile devices. While installing antivirus (AV) on each endpoint used to be sufficient, advanced endpoint threat detection and response (EDR) is now a must to better protect against costly attacks.
EDR’s additional safeguards are needed because MSPs today find themselves facing an asymmetrical battle: Hackers can attack at any time along any one vector. A threat actor only needs one open door to infiltrate systems – a vulnerability, human error, or advanced persistent threat (APT) can all provide entrée. Attacks can come from several different angles, including endpoints, email, cloud or over networks.
The advantage in this scenario goes to the attacker over their MSP counterpart, who must defend their customer everywhere against every technique, which could strike at any moment.
Cybersecurity frameworks such as NIST, ISO 27001, and COBIT provide MSPs with guidance and best practices to protect their clients’ data. While no single framework is “the best”, they are crucial for MSPs to establish strong policies and procedures, and a cybersecurity must-have.
Drilling down into these frameworks sheds important light on where AV and EDR differ, and why both are now necessary to defend SMB data. The NIST cybersecurity framework, for example, presents risk management for critical infrastructure as a set of interconnected steps: Identify, Protect, Detect, Respond and Recover.
Organizations today are spending 85% of their budget on the “protect” component. This leaves just a small portion to spend on the other four phases, but attitudes around this are changing. There is a growing awareness among MSPs, SMBs, and IT departments that they must shift how they invest in cybersecurity.
The rapid evolution of modern threats has given attackers new ways to bypass endpoint protection. Today’s attackers employ techniques such as:
- Living off the Land – Attackers don’t need to drop malicious programs; they can dwell unseen by using built-in admin tools such as the Windows PowerShell command-line interface (CLI) to carry out abnormal activity.
- Staged Malware & Attacks – Individually, each stage of an attack appears benign, but they are building up to a debilitating compromise.
- Disabling Endpoint Protection – Many attacks seek to disable AV and defensive tools before dropping their final stage, such as ransomware.
What’s the difference between AV and EDR?
Uses of these cyberattack techniques are gaining momentum. That’s why IT professionals today need both AV and EDR, working together, to defend endpoints – but what’s the difference between the two?
Antivirus software
Also known as anti-malware, antivirus (AV) is software used to prevent, detect and remove malware. Originally developed to detect and remove computer viruses, for many years AV was the primary means of defending networks against ransomware.
AV tools serve an important role in protecting endpoints from daily cyber threats – they provide the ability to detect and respond to malware on an infected computer. However, because they rely on signature detection or the ability of the software to detect “known threats”, sophisticated threat actors can bypass AV at will by using a variety of attack techniques that standard AV is unable to detect.
Additionally, antivirus software must be updated regularly: if it is not up to date, or a threat is not yet known, the threat will not be detected. This leaves many MSPs and their customers open to ransomware, fileless malware, credential harvesting, data loss and other cyberattacks.
Endpoint threat detection and response (EDR)
Meanwhile, endpoint threat detection and response (EDR) is a layered, integrated endpoint security solution that monitors end-user devices continuously. EDR also collects endpoint data and applies rule-based automated responses.
An EDR platform records and remotely stores the system-level behaviors of endpoints, then quickly analyzes those behaviors to detect suspicious activity and provide various response and remediation options.
EDR agents collect and analyze data from endpoints and respond to threats that appear to have bypassed existing antivirus (AV) protections. They continue to analyze, detect, investigate, report and alert your security team to potential threats even after the initial response.
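The difference the two sections above describe, hash-based signature matching versus behavioural analysis of what a process actually does, is easiest to see side by side. The following is an added example for this page, not Datto’s or any vendor’s code: the known-bad hash list, the host names, file paths and process-creation events are all constructed, and the three behavioural rules (encoded PowerShell, a real-time-protection tampering command, and execution from a user-writable path shortly after tampering) stand in for the far larger rule sets a real EDR ships with. The constructed telemetry walks through the three techniques listed earlier: living off the land, staged execution, and disabling endpoint protection.

```python
"""Signature matching versus behavioural detection over constructed endpoint telemetry.

Added example for this page; not Datto's or any vendor's code. The known-bad
hash list and the process-creation events below are constructed.
"""
import base64
import hashlib
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Stand-in for an AV signature database: SHA-256 of one known dropper (constructed).
KNOWN_BAD_SHA256 = {hashlib.sha256(b"constructed dropper v1").hexdigest()}


@dataclass
class ProcessEvent:
    ts: int          # event time in seconds (constructed)
    host: str
    parent: str      # parent process image name
    image: str       # full path of the executed image
    cmdline: str
    content: bytes   # bytes of the executed file, hashed by the signature step


def signature_hit(ev: ProcessEvent) -> bool:
    """AV-style check: exact hash match against the known-bad list.
    A single changed byte in the file defeats it."""
    return hashlib.sha256(ev.content).hexdigest() in KNOWN_BAD_SHA256


# -EncodedCommand (also -enc / -e) carries base64 of UTF-16LE script text.
ENC_RE = re.compile(r"-e(?:nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{16,})", re.I)
# Documented Defender cmdlet parameter that turns real-time protection off.
TAMPER_RE = re.compile(r"Set-MpPreference\b.*-DisableRealtimeMonitoring\s+\$?true", re.I)
# Paths an ordinary user can write to; legitimate software rarely runs from there.
USER_WRITABLE_RE = re.compile(r"\\(?:Users\\[^\\]+\\AppData|Temp|ProgramData)\\", re.I)
TAMPER_WINDOW_S = 600


def decode_encoded_command(cmdline: str) -> Optional[str]:
    """Return the decoded script of an encoded PowerShell command line, or None."""
    m = ENC_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return "<undecodable payload>"


def behavioural_findings(events: List[ProcessEvent]) -> List[str]:
    """EDR-style rules over the event stream. Each rule looks at what the process
    does rather than what its file hashes to, and the last rule correlates across
    events on the same host to catch a staged attack."""
    findings: List[str] = []
    last_tamper: Dict[str, int] = {}  # host -> time of last protection-tampering event
    for ev in sorted(events, key=lambda e: e.ts):
        is_ps = ev.image.lower().endswith("powershell.exe")
        text = ev.cmdline
        if is_ps:
            decoded = decode_encoded_command(ev.cmdline)
            if decoded is not None:
                findings.append(f"{ev.host}: encoded PowerShell spawned by {ev.parent}")
                text += " " + decoded  # inspect the decoded script as well
        if TAMPER_RE.search(text):
            findings.append(f"{ev.host}: attempt to disable real-time protection")
            last_tamper[ev.host] = ev.ts
        t = last_tamper.get(ev.host)
        if (t is not None and ev.ts - t <= TAMPER_WINDOW_S
                and not is_ps and USER_WRITABLE_RE.search(ev.image)):
            findings.append(f"{ev.host}: {ev.image} ran from a user-writable path "
                            f"within {TAMPER_WINDOW_S}s of protection tampering")
    return findings


def _encoded(script: str) -> str:
    """Build the base64/UTF-16LE form PowerShell expects for -EncodedCommand."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


PS_PATH = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
TEMP = r"C:\Users\alice\AppData\Local\Temp"

# Constructed telemetry: a benign service, the known dropper, an encoded PowerShell
# launched from Word that turns off real-time protection, then a recompiled dropper
# whose hash no signature knows.
SAMPLE_EVENTS = [
    ProcessEvent(1000, "ws01", "services.exe", r"C:\Windows\System32\svchost.exe",
                 "svchost.exe -k netsvcs", b"constructed svchost"),
    ProcessEvent(1010, "ws01", "explorer.exe", TEMP + r"\update.exe",
                 "update.exe /quiet", b"constructed dropper v1"),
    ProcessEvent(1020, "ws01", "WINWORD.EXE", PS_PATH,
                 "powershell.exe -nop -w hidden -enc "
                 + _encoded("Set-MpPreference -DisableRealtimeMonitoring $true"),
                 b"constructed powershell"),
    ProcessEvent(1100, "ws01", "explorer.exe", TEMP + r"\update2.exe",
                 "update2.exe /quiet", b"constructed dropper v2"),
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(f"{ev.ts} {ev.image}: signature_hit={signature_hit(ev)}")
    for finding in behavioural_findings(SAMPLE_EVENTS):
        print("EDR:", finding)
```

Running it shows the complementary coverage the article argues for: the signature check flags only the first dropper and misses its recompiled twin, while the behavioural rules miss the first dropper (nothing suspicious had happened yet) but flag the Word-spawned encoded PowerShell, the attempt to disable protection, and the second dropper that ran from a temp directory minutes later.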
How to choose the best EDR for MSPs
MSPs need EDR more than ever. However, the vast majority of EDR solutions are not made to fit their needs, and instead have been designed for enterprise use. These tools are often expensive, complex, and require a highly trained security team to manage them.
A big assist is arriving with advanced new solutions like Datto EDR, which was created especially for MSPs. Using Datto EDR, MSPs can improve their security posture while expanding the security offerings for the SMBs they protect. When selecting the best EDR for your MSP practice, you should ask the following questions:
- Is it easy to use and manage?
- Does it combat alert fatigue by enabling me to focus on the most important alerts?
- Can I quickly remediate problems that arise?
- How does it integrate with the other IT tools that I use, like RMM and managed SOC?
- Does it offer quality tech support?
- Is it cost-effective?
Other key features to evaluate in an EDR solution are its strengths in cyber-attack prevention, continuous monitoring and recording capabilities, rapid breach detection, automated response, and integrated threat defense.
Taken together, the right capabilities and feature set bring the cybersecurity advantage back to MSPs. Expertly informed alerts and response functions can guide your team through the remediation process with detailed recommendations, so you can address threats without needing a highly trained security team on staff.
Don’t stop at AV to protect client endpoints. The additional security of Datto EDR keeps MSPs and their customers ahead of advanced threats. Schedule a demo of Datto EDR.
Source: Datto
Cybersecurity has gained more importance in finance and banking for a few reasons. First, cyber threats are increasing in volume and complexity. Second, the sector’s attack surface has grown thanks to digitization, the use of cloud apps, new fintech solutions, and other quality-of-life features for customers. As such, financial institutions now store large volumes of critically sensitive personally identifiable information (PII), corporate data, and financial information that must be carefully protected.
A 2022 Sophos survey of 444 IT professionals working in financial services revealed that 55% of organizations were hit by ransomware in 2021 – a 62% increase over the previous year. While 55% of organizations reported an increase in attack volume over the year before, 64% reported an increase in attack complexity and 55% reported an increase in the impact of attacks. Read the full report here.
Factors contributing to rising cybersecurity risks in finance and banking
Evolving attacker tactics, techniques, and procedures as well as increasing professionalism in the cybercrime industry are significant drivers behind the sector’s complex threat landscape today.
There are a few others:
- Third-party vendors supporting the vital day-to-day operations of banks and financial institutions require remote access to critical resources, systems, and data. This increases the risk of misuse of access privileges, leading to credential and data theft.
- Anytime, easy access to critical business data on employees’ smartphones, tablets, and laptops threatens the security of sensitive financial and customer data.
- On-boarding new technologies and applications on the network, such as mobile banking, instant payment technology, e-signatures, digital signage, and videos introduces vulnerabilities into the system.
- The sector faces strict data security requirements imposed by regulations and standards such as ISO/IEC 27001, GLBA, GDPR, SOX, and PCI DSS due to the vast amount of private and sensitive data it holds.
- Local, state, and national branch sites share large amounts of sensitive information every day and also require continuous remote access to centrally located corporate resources and applications.
- The cloud is integral to the successful day-to-day operations of banks and financial institutions. But it has become a major target for cybercriminals looking to exploit less established cybersecurity practices than in traditional on-premises environments.
Sophos can help
To learn about how Sophos secures finance and banking organizations, download our Cybersecurity Guide for Finance and Banking whitepaper.
Sophos can help address the most common cybersecurity challenges facing finance and banking organizations:
Sophos MDR is our fully-managed, 24/7 service delivered by experts who specialize in detecting and responding to sophisticated cyberattacks that technology solutions alone cannot prevent. As the world’s most trusted MDR provider, we have unparalleled depth and breadth of expertise when it comes to threats facing the finance sector.
Leveraging extensive cross-product and cross-platform telemetry, we can generate “community immunity,” applying learnings from defending one finance and banking organization to all other customers in the sector, elevating everyone’s defenses.
“The IT team has saved at least 40 hours a week that would otherwise have been spent on security operations tasks.”
AAVAS Financiers Limited
“Sophos MDR helped us keep up with the growing volume and sophistication of cyberthreats without ramping up our security operations team.”
Tourism Finance Corporation of India Limited
Sophos ZTNA eliminates vulnerable VPN clients, enabling you to offer your remote workers secure, seamless, policy-defined access to resources. It removes implicit trust in your environment’s applications, users, and devices, allowing segmented access to your systems and resources for just those who need it.
Sophos Secure Access Portfolio enables financial institutions to connect remote and branch sites, deliver critical cloud and SaaS applications, and share data and information. It includes Sophos ZTNA to support secure access to applications, Sophos SD-RED remote Ethernet devices to safely extend your network to branch offices and remote devices, Sophos Wireless access points for easy and secure wireless networking, and Sophos Switch for secure access on the LAN. Everything is managed through a single cloud-based security platform, Sophos Central.
For more information and to discuss your requirements, contact your Sophos representative or request a call-back from our security specialists.
Source: Sophos
Businesses of all types are facing an increasingly challenging prospect when it comes to cybersecurity. Bad actors don’t discriminate, placing small and mid-sized businesses (SMBs) in just as much danger as large companies. Not only do SMBs offer threat actors a prime hunting ground for sensitive data and potential ransom payments, but many also serve as exploitable conduits into the networks of larger businesses as key components in the supply chain.
It’s critical that businesses of every size are ready for cybersecurity trouble. However, it can be a challenge to figure out how to prepare for it, especially for budget-conscious SMBs. Looking at the biggest cyberthreats that businesses face, and at affordable ways to take precautions against them, can give organizations insight into building the strongest possible defense.
Half of businesses will fall victim to a cyberattack or security breach
The cybersecurity climate for businesses has been steadily heating up. About half of the businesses that we surveyed for the Kaseya Security Insights Report 2022 told our researchers that they have been the victim of a successful cyberattack or security breach (49%). Digging deeper, one in five of our survey respondents said that their organization had experienced at least one successful cyberattack or security breach in the past 12 months. These alarming statistics illustrate the pressure that businesses and the IT professionals who secure them are under in today’s turbulent cybersecurity landscape, and that pressure won’t be letting up anytime soon.
“Businesses are facing a constantly escalating cyber threat level and they’ll continue to do so for the foreseeable future, with new groups of threat actors and more sophisticated attacks continuing to emerge,” says Jason Manar, Chief Information Security Officer (CISO) for Kaseya.
Prepare to face four major threats
SMBs face danger from a wide variety of cyber threats, but a few standouts are the most common. Phishing and email fraud, which includes cyberattacks like Business Email Compromise (BEC), is the top security threat to businesses today, with 55% of our survey respondents naming it as the biggest security challenge that their organizations face. Ransomware takes second place, the top threat for just under one-quarter (23%) of our survey respondents. Also on the list are password compromise (15%) and Account Takeover (6%).
Falling victim to any cyberattack can cost a business a fortune. The effects of a successful cyberattack on a business include lost revenue, reputation damage, downtime and wasted productivity, not to mention the high cost of mounting an incident response and recovery effort. About two-thirds of our survey respondents (63%) said that if their companies experienced a cyberattack like ransomware, while they would likely recover from the incident, they would likely lose data and incur expensive downtime. By taking a few smart steps, businesses can minimize the impact of a cyberattack or prevent one from landing altogether.
Every business needs an incident response plan
One of the top defensive tools that cybersecurity experts recommend for businesses is to create and test an incident response plan. U.S. National Institute of Standards and Technology (NIST) Special Publication 800-61 Rev. 2 Computer Security Incident Handling Guide is essential for anyone preparing an incident response plan. Incident response planning offers businesses another benefit too: it’s a valuable tool for preventing an incident from happening in the first place. Incident response planning gives businesses insight into where they might have security gaps or need better tools in their defensive buildout, reducing the chance that the company will experience an incident at all. Businesses should formalize a plan and run tabletop exercises to test their plan to ensure that they’ve covered everything.
“Knowing what to do and who to call in case of a cyberattack is the foundation of responding to that cyberattack quickly to limit the damage,” said Manar. “Without an incident response plan, the stress and pressure of the situation can lead to expensive mistakes.”
Get expert help detecting and mitigating threats
Cyber threats are constantly evolving and growing more complex as bad actors seek ways to get around cybersecurity safeguards. That makes them tricky for a company’s security team to detect. Accurate threat detection depends on solid threat intelligence and an expert eye to analyze it. A security operations center is often a necessary tool for handling these tasks. However, finding and hiring the experts that a business needs to form a security operations center (SOC) can be difficult and cost-prohibitive for SMBs. Managed SOC or Managed Detection and Response (MDR) is the solution to that dilemma.
Managed SOC offers businesses an easy and affordable way to put a team of security experts to work for them without expanding their payroll or building expensive infrastructure. Ideally, it should provide around-the-clock protection with real-time threat detection across three critical attack vectors: endpoint, network and cloud. Businesses gain access to a nerve center staffed by security pros that can hunt, triage, alert and work with their security team at critical moments, like when a threat is discovered or if they experience a cyberattack.
What can you do if the worst does happen?
In the United States, the Federal Bureau of Investigation (FBI) is the lead federal agency for investigating cyber attacks and intrusions. The Bureau has specially trained cyber squads in each of its 56 field offices that can help businesses handle a network intrusion, data breach or ransomware attack. A business experiencing one of those problems should contact its nearest FBI field office or report it at tips.fbi.gov. The FBI Internet Crime Complaint Center (IC3) provides businesses with advice on what to do if they fall victim to cybercrime or a cyberattack, including a breakdown of what information the FBI will request when tapped for help. Other federal agencies and many state governments and non-profits also offer assistance to businesses that fall victim to cybercrime.
“Don’t wait to call the authorities for help if your company is hit by a cyberattack – the sooner you start the process, the more you’ll benefit from the help they can give you to resolve the situation,” advises Manar, a former FBI Cyber Supervisory Special Agent.
Invest in affordable cybersecurity safeguards
In addition to incident response planning and partnering with a managed SOC, there are other budget-friendly safeguards a business can put in place to efficiently and effectively protect it from cyberattacks, including these tools:
Identity and Access Management (IAM) – Prevent intrusions via stolen, phished or compromised credentials by requiring proof of identity with IAM tools including two-factor authentication (2FA) or multifactor authentication (MFA). Microsoft says that this kind of technology alone can foil up to 99% of account-based cyberattacks.
Security Awareness Training – Transform employees from security liabilities into security assets with training that teaches them to identify cyber threats and handle data safely. Phishing simulations also help employees become savvy about spotting and avoiding cybercriminal traps.
Email Security – Investing in the best email security available is a smart decision since most of today’s nastiest cyberattacks like ransomware and BEC are email-based. Solutions that use AI and automation catch more threats than traditional email security or a Secure Email Gateway (SEG).
Backup and Recovery – Backing up a company’s data is a smart decision, especially in the ransomware era. Companies have several options to do it, like using an on-premises backup server. In today’s cloud-based world, cloud-based backup is the ideal choice for frictionless backup and easy recovery of a company’s data if needed.
Dark Web Monitoring – This defensive tool provides companies with 24/7/365 monitoring of business and personal credentials, including domains, IP addresses and email addresses, alerting the company’s IT team if any of that sensitive information appears in a dark web market, forum or data dump. This helps eliminate dark web risk exposure from password reuse, a common problem for businesses.
Endpoint Detection and Response (EDR) – EDR detects threats that evade other defenses so that you can quickly respond before damage is done. EDR relieves security team pressure with alerts that are mapped to the MITRE ATT&CK framework to provide context and helpful clarity reducing the security expertise required to effectively respond.
Get ready now for future cybersecurity challenges
Businesses should continue to expect to navigate a difficult security climate going forward. Recently, supply chain risk has become a major security concern, and that risk is escalating. More than half of the organizations that we surveyed (67%) told us that they conduct ongoing dark web monitoring for their suppliers’ domains as well as their own in order to combat supply chain risk. Smart organizations are also conducting frequent security awareness training to mitigate risks caused by phishing or employee behavior like mishandling data. Four-fifths of our survey respondents said that they regularly engage in security awareness training for all employees.
A strong commitment to cybersecurity is a foundational element of any modern company’s success, and it will only grow more important as the world continues its digital transformation. But mounting a solid defense against cyberattacks doesn’t have to break the bank. By taking sensible, affordable precautions like getting expert security advice, investing in quality security solutions and engaging in incident response planning, businesses can ensure that they’re ready for the cybersecurity challenges that they will experience today and tomorrow.
Source: Datto
We are thrilled to announce that Sophos has, once again, been named a Leader in the 2022 Gartner® Magic Quadrant™ for Endpoint Protection Platforms (EPP). This marks our 13th consecutive recognition as a Leader.
A Leader, again
We believe a key factor contributing to our continued Leader position is our relentless focus on innovation. While threats and operating environments have evolved over the last 13 reports, Sophos has continued to keep customers ahead of even the most advanced attacks.
Sophos’ services and products are powered by Sophos X-Ops, our cross-domain threat intelligence unit that brings together deep expertise across the attack environment. Armed with this deep understanding, we are able to build powerful, effective defenses against even the most advanced threats. Unparalleled ransomware protection, deep learning artificial intelligence, exploit prevention, and active adversary mitigations in our endpoint protection stop attacks cold.
Further advancing our cybersecurity leadership with the recent launch of the newly enhanced Sophos MDR service, Sophos is the first endpoint security vendor to deliver MDR across both its own product portfolio as well as customers’ existing security deployments. Sophos MDR now integrates telemetry from third-party endpoint, firewall, cloud, identity, email, and other security technologies as part of the Sophos Adaptive Cybersecurity Ecosystem, further accelerating threat detection and response.
Most trusted MDR service
Sophos MDR is the world’s most trusted MDR service, protecting more than 15,000 organizations against advanced threats that technology alone cannot stop. It addresses the growing need for flexible managed services and threat response options, meeting customers – ranging from small businesses to large corporations – where they are.
Learn more about our service and speak with our security advisers to discuss how Sophos MDR can help you.
Double recognition is a double honor
Our Gartner Magic Quadrant for EPP recognition follows Sophos being named a 2021 Gartner® Peer Insights™ Customers’ Choice for Endpoint Protection Platforms.
To us, being recognized in the Gartner Magic Quadrant for EPP and named a Gartner Peer Insights Customers’ Choice for EPP is a tremendous honor and, we believe, testament to the quality of our protection and service we provide.
Read the full report at https://www.sophos.com/en-us/report/magic-quadrant-endpoint-protection-platforms
Source: Sophos
Trust is one of the most important aspects of business, especially when it comes to the collection and use of people’s personal data. As consumers advocate for organisations to take more precautions in handling their personal data, legislative bodies are listening, and more data privacy regulations are being passed globally each year. Being proactive in complying with, or better yet, staying ahead of regulatory requirements, can be used to your organisation’s advantage to drive consumer trust and business opportunities.
This blog will explore consumer concerns regarding personal data, how leveraging data privacy regulations benefits organisations and consumers, and what steps your organisation can take to both build a data privacy practice and maintain consumer trust.
Consumer distrust is a growing problem
Consumers are becoming more aware and concerned about how their personal data is being used and handled. The following statistics demonstrate the concern and distrust that is developing among consumers:
- 87% of executives think customers highly trust their companies, while only about 30% actually do
- 86% of consumers say data privacy is a growing concern
- 75% of executives say that since the pandemic began, they have had a harder time building and maintaining trust with their customers
- 71% of consumers say they’re unlikely to buy if a company loses their trust
- 40% of consumers don’t trust organisations to use their data ethically
- 30% of consumers aren’t willing to share their personal data for any reason
Furthering and validating these concerns in a recent Salesforce study, nearly half of consumers surveyed said they lost trust in brands due to misuse of personal information. Once trust has been broken, more than half (55%) of consumers say they will NEVER give the brand their business again.
Use a proactive approach to complying with privacy regulations
This misuse of personal data has driven consumers to advocate for more precautions to be taken with their personal data, driving the emergence of various privacy regulations globally such as GDPR and CCPA. Cisco’s Consumer Privacy Survey highlights that “Consumers want transparency and control with respect to business data practices – an increasing number will act to protect their data”. In order to meet consumer desires regarding the handling of personal data, one of the best things your organisation can do is to start protecting consumers’ data right now. This approach shows consumers that you understand their concerns and are taking proactive steps to protect their data. Rather than simply waiting for a privacy regulation to go into effect, or scrambling to protect personal data only because it is the law, taking early action sends customers a clear message about your organisation’s priorities and values.
How to improve your data privacy practice and build consumer trust
Now that we’ve identified how getting a head start on protecting consumer data can be beneficial, let’s explore how to go about implementing this strategy in your organisation. An article by Entrepreneur’s Organization for Inc. outlines three ways you can improve your privacy practices and build customer trust regarding personal data at the same time:
1. Map your data
Mapping your data, also known as creating a data inventory, involves following a data record through your system from the point of collection to deletion. Data mapping can help your company understand:
- What types of information are actively collected
- What data is actually being used
- Who the information is shared with and who has access to it
- Where and how long data is being stored
- Where your processes deviate from stated policies
Many companies think they know this information already, but most businesses collect more information than they need, store it too long, and have poor access controls that leave data vulnerable to exposure.
A data map gives you the empirical information you need to recognise and address these issues.
Data classification can assist with data mapping by identifying and categorising data into a set schema, giving you greater visibility of what data you have and where it resides. Alongside the labelling capabilities of data classification, monitoring and reporting modules give your organisation further insight into who has access to what data and what they are doing with it.
2. Set your privacy strategy and policy
A data privacy strategy and policy is crucial to keeping your consumers’ personal data secure. Once you know where the weak points in your processes are, you can start building a new privacy strategy that’s legally compliant and future-proofed against changes to either privacy laws or best practices.
Foundational principles that should be part of any privacy program include:
- Seeking cross-functional input from all your teams
- Maximising data value while minimising the amount collected by focusing on first-party data (data collected directly from consumers, as opposed to an outside source such as a paid list)
- Establishing a culture of privacy through continuous employee training
It’s much easier to craft a privacy policy once you’re armed with an accurate data map and a strong privacy strategy.
A good privacy policy accurately describes how your company collects and processes consumer information, is short and easy to understand (no legal jargon) and is clearly visible on your website.
Data classification solutions enable users to assign visual labels to the data they create, collect, and store, so that informed decisions can be taken about how it is managed, protected and shared, both within and outside of your organisation. Involving your users in data privacy strategies aids in establishing a culture of privacy, teaching them the value of the data they are handling, and ensuring set privacy strategies and policies are followed.
3. Brag about it
Almost 76 percent of companies that invest in a robust privacy program see increased loyalty and trust from their customers. But even the best privacy program in the world won’t help you if your customers don’t know about it.
Marketing your business’s commitment to privacy is just as essential to building digital trust as building your privacy program in the first place. Instead of treating privacy as a cost center, weave your commitment into all your messaging until it becomes a key part of your brand’s reputation.
With consumer trust dropping, and the emergence of global data privacy regulations on the rise, it is more important than ever for organisations to know what data they have, where it is located, and how it is being used.
Gartner predicts that by the end of 2023, modern privacy laws will cover the personal information of 75% of the world’s population, so why not embrace this trend of privacy regulations to benefit both your organisation and your consumers?
Learn more about how our data classification solutions can help your organisation build trust with your consumers by scheduling a free demo today.
Source: Boldon James
Check out the latest enhancements in our market-leading Sophos Intercept X Endpoint solution that protects Windows, macOS, and Linux systems against never-before seen ransomware, malware, phishing, web threats, and attacker-led behaviors.
Year in, year out, Sophos Intercept X Endpoint delivers superior cybersecurity outcomes to over a quarter of a million organizations worldwide thanks to our relentless focus on innovation and our commitment to delivering the strongest protection.
Testament to the quality of our defenses, Sophos ranked as industry best in SE Labs’ protection tests in the fourth quarter of 2022, earning AAA ratings across the board. In both the Enterprise and SMB categories, we achieved:
• 100% rating for Protection Accuracy
• 100% rating for Legitimate Accuracy
• 100% rating for Total Accuracy
Customers also give Sophos top scores. As of February 20th, 2023, Sophos Intercept X Endpoint has a 4.8/5 rating across 374 independent reviews on Gartner Peer Insights, with 95% of customers saying they would recommend Sophos.
While we’re proud of all these results, we are passionate about protecting our users, so I want to share with you some recent enhancements that help our customers stay ahead of today’s well-funded, constantly innovating adversaries and streamline day-to-day endpoint security management.
Adaptive Active Adversary Protection
We’re constantly developing new protection techniques to guard our customers against the latest attacks. One of the latest additions to Sophos Endpoint security is Adaptive Active Adversary Protection. This new capability from SophosLabs is automatically activated whenever we detect signs that a device has been compromised and there is a hands-on-keyboard attack in progress.
Adaptive Active Adversary Protection temporarily puts the impacted device into a more aggressive security mode that disrupts and delays the attacker by automatically blocking a wide range of activities that are commonly performed in human-led attacks. Just a few examples of the malicious behaviors that we prevent include:
- Attempts to run remote admin tools
- Attempts to run untrusted executables
- Attempts to boot the machine in Safe Mode
Plus many, many more…
By stopping a malicious actor from performing these activities, Adaptive Active Adversary Protection slows the attack and buys time for security teams to respond to the threat before the adversary can achieve their goal. Once there are no further signs of adversary activity on the device, Adaptive Active Adversary Protection is turned off automatically. No manual enablement or tuning required!
Account Health Check
Sophos Endpoint is packed with technologies that protect organizations against advanced threats. The Account Health Check lets you quickly ensure those capabilities are correctly configured and deployed, optimizing your protection. Available to all customers via the Sophos Central platform, the Account Health Check performs several key assessments:
- Software assignment – do devices have all the Sophos Endpoint software components assigned to them?
- Threat policy – are policies using Sophos’ recommended settings?
- Exclusions – are any exclusions creating attack surface exposure?
- Tamper protection – has tamper protection been disabled on any workstations and servers?
Should the Account Health Check detect any issues, a simple ‘fix automatically’ option lets you update your protection instantly to the recommended settings. Customers have used this easy remediation option over 11,000 times in the three months since we introduced this feature, optimizing their security posture in a single click.
While recommended settings are automatically applied with all new Sophos deployments, over time issues can develop as devices are added and removed, team members change, and different software subscriptions are purchased. We recommend reviewing the Account Health Check at least every three months – and ideally monthly – to maintain a healthy environment.
Enhanced Software Management Options
Although all organizations need the same high levels of protection, larger companies often require more granular management capabilities. We recently released Fixed Term Support packages and special ‘Maintenance Release’ (MR) packages for Windows computers and servers, with macOS and Linux coverage coming later this year.
Fixed Term Support packages enable customers to precisely control which versions of Sophos Endpoint software they deploy on specific devices/groups of Windows devices. This allows you to control when devices are upgraded instead of being on the Sophos update schedule.
Special ‘Maintenance Release’ (MR) packages are where Sophos Support makes packages available to specific customers that contain fixes before the next full software rollout. Customers can apply these packages immediately to targeted devices, rapidly accelerating an organization’s ability to address an issue.
Read more about these features on the Sophos Community.
Malware Protection Enhancements for Linux
Customers asked us for on-access malware scanning and quarantine for Linux machines – and we’ve delivered. These features are now live, complementing our existing Linux protection functionality, including runtime detections, live detection, and live response.
As a reminder, the legacy Sophos Antivirus for Linux product will be retired in July 2023, so if you’re still using Sophos Antivirus for Linux, switch to the new Sophos Protection for Linux agent today.
Faster, Lightweight Agent
Sophos Endpoint delivers superior protection without compromise. We’ve expanded our protection capabilities while also reducing the Windows agent’s memory footprint by 40% and reducing the number of processes by over 30%. Plus, we’ve introduced a new XDR-sensor deployment option that is ~80% lighter than the older full agent. The result: accelerated performance of applications, workloads, and devices.
Built-in ZTNA Agent – on Windows and macOS Devices
Zero-Trust Network Access (ZTNA) is fast becoming the remote access technology of choice for organizations of all sizes. It enhances security, is easier to manage, and works reliably everywhere without getting in the way.
Sophos Intercept X Endpoint is the only endpoint protection solution with a built-in ZTNA agent, future-proofing customers’ defenses. Following our recent addition of macOS support, organizations can extend their protection to include Sophos ZTNA across their entire estate at any time, without the need to deploy an additional agent*. Both solutions are managed through the Sophos Central platform for elevated ease of use.
* Requires Sophos ZTNA subscription purchase
More Coming Soon!
We have an exciting and aggressive roadmap that continues our delivery of innovative, market-leading protection for our customers. In the coming months, we look forward to introducing a Long-Term Support (LTS) version for Windows that allows customers to stay on a static version for up to 18 months. This is particularly useful for critical infrastructure where version control is strictly controlled.
We’ll also be adding a new software version report in the Central UI. With the ability to define which version/packages are deployed to every device, this new report will enable customers to quickly review and identify versions/packages running on their devices.
Following the very warm customer response to the Account Health Check, we will soon be launching additional features including a new ‘snooze’ option to defer checks to a later time, proactive alerts that notify you whenever a configuration change is made that affects cyber health, and scoring that enables you to track improvements in security posture over time.
We’re further enhancing the Sophos Linux Sensor (SLS), adding the ability to ingest detection data into the Sophos Data Lake and Threat Analysis Center, and we’ll also enable security teams to create and manage runtime detections in Sophos Central.
Plus, for macOS, admin-led device isolation will be available imminently, and we’re planning to open our Early Access Program (EAP) for HTTPS decryption for web protection next quarter. I look forward to sharing more details about these and other enhancements shortly.
Explore Sophos Endpoint Security Today
To find out more about Sophos Endpoint and how it can help your organization better defend against today’s advanced attacks, speak with a Sophos adviser or your partner today.
Source: Sophos
Sophos Firewall v19.5 was released in November and has been our fastest-adopted release, with over 50,000 firewalls already having upgraded. It’s also been our best quality release ever: it’s packed with great features that boost performance, resiliency, and management ease.
If you haven’t already upgraded your Sophos Firewall to v19.5, here are the top five reasons you should upgrade today:
- Added performance: Sophos Firewall OS v19.5 includes Xstream FastPath acceleration of TLS encrypted traffic and improvements in IPSec tunnel capacity and performance, leveraging the programmable Xstream Flow Processors in every XGS Series firewall appliance.
- Robust SD-WAN: SFOS v19.5 includes a new SD-WAN load balancing capability that can use multiple SD-WAN links for added performance and redundancy, as well as OSPFv3 (IPv6) dynamic routing support.
- High availability: Several enhancements improve managing high-availability deployments in active-active or active-passive setups, including new status and visibility improvements along with redundant link support.
- Azure AD integration: Makes it easier for firewall admins in an Azure AD environment to log in and manage Sophos firewalls using the same credentials.
- Host and services search: This feature makes it easy to find the network object you’re looking for and reduce the duplication of assets.
Here’s a quick overview of everything that’s new in Sophos Firewall v19.5:
And, as usual, every Sophos Firewall release includes important security, performance, and reliability enhancements. See the full release notes for details. Also check the latest training materials available for Sophos Customers and Sophos Partners.
Upgrading couldn’t be easier
If you manage your firewalls in Sophos Central, simply click the download arrow for the firewall you want to upgrade and choose “Schedule Upgrades”…
You can also log in and upgrade the firewall locally. Upon logging in, you should see this pop-up appear – simply choose “Upgrade now”…
If you don’t see the above window when you log into your firewall, navigate to Backup & Firmware > Firmware and check for new firmware to download the latest release:
Get started upgrading today!
Source: Sophos
Data loss is a constant threat to businesses, and the risk it comes with is not just a monetary one from breaching regulatory requirements; perhaps far more costly in the long run is the potential reputational damage. When it comes to your organisation’s security ecosystem, Data Loss Prevention (DLP) solutions are a key priority for anyone handling sensitive data. There are two main types of DLP – Network DLP and Endpoint DLP – each serving a different function in protecting and securing sensitive data. Let’s explore what Network DLP (NDLP) and Endpoint DLP (EDLP) are, the differences between them, and how data classification integrates to bolster DLP decision making.
Network DLP (NDLP)
Network DLP (NDLP), also referred to as data-in-motion protection, mitigates the risk of data loss by monitoring, controlling, and reporting the flow of sensitive data via the network, email, or web. It sees data as it moves through the network and enforces policies at that time. For example, if a user attempts to send an email with sensitive data, NDLP inspects that traffic and can automatically take actions based on the organisation’s predefined policies such as block, audit, forward, notify, encrypt, and quarantine. NDLP also has visibility into web traffic such as social media sites for added protection.
A major benefit to NDLP is that it can be deployed with very little overhead and does not require much upkeep. However, as NDLP uses a box or virtual machine on the corporate network that data traffic passes through, devices must be connected to your network in order to protect data. If the device is off the network and not on a corporate VPN, NDLP does not have visibility into what is happening with data and cannot protect it. Even with a VPN, NDLP does not directly prevent data from being saved on external devices such as USB drives.
Endpoint DLP (EDLP)
Endpoint DLP (EDLP) monitors all endpoints such as laptops, desktops, phones, and any other device on which data is used, moved, or stored. With EDLP, an agent lives on the endpoint (the system) and gives you visibility into data as it is created or updated; the data is then tagged, and the user alerted, if it contains sensitive data. The agent can also see actions such as copy/paste, screenshots, and printing, can restrict those processes, and prevents data from being saved to a USB drive, CD, or DVD. EDLP can protect data either on or off the corporate network, so data is protected even if users are working remotely and not connected to the corporate network via VPN.
Having data protected at its source is an enormous benefit; however, EDLP requires the deployment and ongoing maintenance of agent software on every protected device. The volume of upkeep will depend on the number of laptops, desktops, servers, etc. in your organisation. This can be a lot to deploy and manage if the organisation has a multitude of devices to keep up with.
How they differ
While NDLP and EDLP work to the same end goal, preventing sensitive data loss, they are very different when it comes to what levels of control they offer and how they are deployed. The main difference between NDLP and EDLP is that NDLP secures communications on the organisation’s network, while EDLP safeguards intellectual property and ensures compliance with company policies. As discussed previously, NDLP protects data only in your company’s network, so a VPN must be used to make it conducive to a remote environment. However, NDLP is easy to deploy and does not require a dedicated resource once deployed. Meanwhile, EDLP protects data at the source offering deeper insight, but requires ongoing deployment and maintenance of the agent software on every device, which can be challenging to manage depending on the number of devices being used.
Questions to consider when choosing between NDLP and EDLP:
Deciding which option is best for your organisation depends on a few key factors:
- How much control over the endpoint do you have?
If you have devices that you are unable to modify for whatever reason (geographical location, personal device, etc.) and are allowing access to the corporate network and corporate data, then NDLP is the best option for the short term. Changes to endpoint policy are typically long-term plans in most organisations, and you do not want to wait to start protecting your data.
- How do you prioritise the thoroughness of data inspection vs. time, effort, and monetary investment in the inspection process?
NDLP is much faster to deploy and easier to maintain, while EDLP provides deeper and more thorough insight and protection. Ultimately, you will need to make a realistic assessment of your organisation’s needs vs. capabilities.
Using data classification to enhance DLP
Both NDLP and EDLP provide a comprehensive set of control points at which to police the distribution of information – within the network and at the endpoint devices. However, unless the significance of the data is accurately determined, then even a pervasive set of control points will not prevent data leakage. A data classification solution assists users in applying consistent classification metadata to information, supplying DLP solutions with reliable insight into the meaning and value of data, which complements the detection methods based on keywords and regular expressions alone. With the business context captured in the metadata, DLP can then apply decisions in a consistent manner in order to control the distribution of information or apply further security measures.
Another benefit to data classification is that it helps mitigate one of the most prevalent hindrances to DLP – “false positives”. Organisations looking to deploy data loss prevention solutions are commonly faced with the dilemma of how to maximise the value of automated content scanning whilst avoiding the negative impact of “false positive” results. In order to avoid an adverse effect on business processes, DLP solutions can end up being detuned to the point where only simple, highly predictable checks can be performed, for example, checking for credit card numbers, employee numbers, material codes, etc. As a result, the solution is left unable to identify the true business value of most information and to apply relevant controls. By engaging knowledge workers in the process of classifying the unstructured data that they routinely handle, it becomes possible to supply the DLP solution with predictable, meaningful metadata that greatly improves the reliability of DLP decision making. With improved accuracy of DLP decision making, the incidence of “false positives”, which are so frustrating to users and damaging to business processes, can be significantly reduced without compromising effectiveness.
With data being one of a business’s most valuable assets, implementing either NDLP or EDLP alongside a best-of-breed data classification solution can help organisations maintain visibility and control of their data, keeping it safe, secure, and compliant. No matter which DLP route you choose, when paired with a classification solution, both NDLP and EDLP are among the most effective tools for preventing data loss.
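The interplay the two paragraphs above describe, a content scan that would on its own produce false positives, and classification metadata that carries the business context the scan lacks, can be shown in a small policy-decision routine. The following is an added example written for this page; it is not Fortra or Boldon James code and does not reflect any product's actual rule syntax. The label names (Public, Internal, Confidential), the destination values and the sample messages are all constructed for the illustration.

```python
"""DLP decision combining content scanning with classification metadata.

Added example, not vendor code. A bare credit-card regex matches many
16-digit strings (order numbers, tracking IDs); a Luhn check drops the ones
that cannot be card numbers, and the author-applied classification label
supplies the business context the pattern match cannot see.
"""
import re

# Groups of 13-16 digits optionally separated by spaces or hyphens
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,16}\b")

# Constructed label vocabulary; real deployments define their own scheme
LABELS = ("Public", "Internal", "Confidential")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: doubling every second digit from the right."""
    total, parity = 0, len(digits) % 2
    for i, ch in enumerate(digits):
        d = int(ch)
        if i % 2 == parity:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> list[str]:
    """Return regex candidates that also pass Luhn, as plain digit strings."""
    found = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 16 and luhn_ok(digits):
            found.append(digits)
    return found


def dlp_decision(text: str, label: str, destination: str) -> str:
    """Decide block / encrypt / audit / allow for an outbound message.

    label:       classification applied by the author (see LABELS)
    destination: 'internal' or 'external' (constructed for this example)
    """
    if label not in LABELS:
        raise ValueError(f"unknown label {label!r}")
    cards = find_card_numbers(text)
    # Metadata gives a confident decision even when the scanner finds nothing
    if label == "Confidential" and destination == "external":
        return "block"
    # Validated card data leaving the organisation is protected, not blocked
    if cards and destination == "external":
        return "encrypt"
    # Internal movement of sensitive content is recorded for review
    if cards or label == "Confidential":
        return "audit"
    return "allow"


if __name__ == "__main__":
    # Constructed messages: one real-looking test card number, one order number
    for msg, label, dest in [
        ("pay with 4111 1111 1111 1111 today", "Internal", "external"),
        ("order 1234 5678 9012 3456 shipped", "Internal", "external"),
        ("quarterly numbers attached", "Confidential", "external"),
    ]:
        print(f"{dest:8} {label:12} -> {dlp_decision(msg, label, dest)}")
```

The order number fails the Luhn check and is allowed through, which is exactly the kind of false positive the text says forces DLP rules to be detuned; the confidential attachment is blocked on its label alone, with no pattern match needed.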
Source: Fortra
The Datto SMB Cybersecurity Survey for MSPs Report has been released, and it is packed with crucial information for MSPs to help them grow their sales and learn more about their clients’ pain points. The survey was created from a subset of data collected in a survey of 2,913 IT decision-makers conducted in July and August 2022. Respondents were required to be an IT decision-maker at an SMB with 10–300 employees. The markets chosen for analysis were North America (U.S. and Canada), the U.K., Germany, Australia and New Zealand, the Netherlands and Singapore. These seven key takeaways give MSPs a look into the minds of SMB cybersecurity decision-makers.
5 Key Takeaways from the Datto SMB Cybersecurity for SMBs Report
Businesses are getting the message that cybersecurity is critical to their success loud and clear, and they’re acting accordingly, creating a world of opportunity for MSPs. These are seven of the most notable data points in our report for MSPs.
1. IT decision-makers are in a buying mood.
Businesses are very concerned about security and ready to make investments to keep their organizations safe. SMBs continue to experience significant security challenges and they recognize that they need to spend to solve them, with about half of our survey respondents planning to spend on email security, backup and antivirus protection.
What security solutions are SMBs planning to invest in in the next 12 months?
2. Security is front and center on most SMB priority lists.
High-profile cyberattacks and strict data privacy laws have increased the importance of security for businesses. Few SMBs are cutting back on security spending, instead, they’re investing in security. Four in 10 of our survey respondents said that their organization is increasing their cybersecurity spending, and most expect that to continue – excellent news for MSPs in today’s challenging economy.
Are SMBs increasing or decreasing security spending?
3. Phishing is the biggest security woe that SMBs face.
Business IT leaders are worried about phishing and the danger it brings in its wake. Malicious advertisements are also troubling businesses. It’s also interesting to note the prominence of poor security practices and lack of training on this list. Security awareness training is a powerful and affordable tool for any business to use to mitigate security risk, yet far too many businesses aren’t getting the full benefit by running haphazard or infrequent training. This list does contain a spot of good news for MSPs: there are revenue growth possibilities for MSPs around email security and security training with phishing simulations.
What do SMBs see as their biggest security challenges?
4. Downtime is costly, but many businesses don’t have the right tools in place to minimize it.
MSPs have a golden opportunity to expand revenue and help their customers reduce expensive downtime with solutions like BCDR, managed SOC and incident response planning. Just under half of survey respondents (49%) said that their organizations relied on manual backup to recover data in their last cybersecurity incident. That means that half of the businesses we surveyed need to update to cloud backup and learn the benefits of BCDR — a big opportunity score for MSPs.
What are the most common methods used to recover data in the event of an incident?
5. Many SMBs need outside help to handle security.
More than half of our survey respondents admitted that a successful phishing attack or even worse, a ransomware attack, would seriously wound their organization with some saying that it could be a fatal blow. Many SMBs have that expectation because they’re not prepared to handle the fallout from a cyberattack. The cybersecurity skills shortage is only compounding their problems. That’s a big reason why a significant number of SMBs tend to rely on outsourced IT security. Businesses will continue to require expert help to maintain and enhance their security, and almost half of the IT professionals that we surveyed said that their organization relies on an MSP or MSSP to get the job done.
How do SMBs manage their security?
Learn more about the mindset, motivation and challenges of SMB security decision-makers by reading the Datto SMB Cybersecurity for SMBs Report, available now.
Source: Datto
We recently launched Sophos Network Detection and Response (NDR) and it’s already providing real-world value for organizations looking to elevate their defenses against sophisticated attackers and zero-day threats.
Sophos NDR continuously monitors network traffic to detect suspicious activities that may be indicative of attacker activity, leveraging a combination of machine learning, advanced analytics, and rule-based matching techniques.
It detects a wide range of security risks, including rogue devices (unauthorized, potentially malicious devices that are communicating across the network), unprotected devices (legitimate devices that could be used as an entry point), insider threats, zero-day attacks, and threats involving IoT and OT devices.
Plus, when combined with other security telemetry, Sophos NDR enables threat analysts to paint a more complete, accurate picture of the entire attack path and progression, enabling a faster, more comprehensive response.
Sophos NDR is an add-on integration for Sophos MDR, our market-leading managed detection and response service that today serves over 14,000 organizations worldwide. Later this year, we’ll also be making Sophos NDR available with Sophos Extended Detection and Response (XDR) for those organizations that prefer to conduct their own threat hunting activities – more on this in a future post.
The importance of network detection and response
NDR is an essential part of an effective defense-in-depth strategy. Why? Because the network is the one place a stealthy, committed adversary cannot hide.
Attackers go to great lengths to avoid being detected, and Defense Evasion is a well-known MITRE ATT&CK tactic at the system level. Exploits can hide out of sight of EDR solutions, and adversaries can disable and delete system logs. But they still have to traverse the network.
As adversaries continue to evolve their tactics, techniques, and procedures (TTPs) to bypass security controls, NDR is fast becoming a security imperative.
Sophos NDR: unparalleled network threat detection
Sophos NDR is powered by five real-time threat detection engines that use patented multi-layered technologies to detect even the stealthiest of attacks.
The Data Detection Engine is an extensible query engine that uses a deep learning prediction model to analyze encrypted traffic and identify patterns across unrelated network flows.
Deep Packet Inspection uses known indicators of compromise to identify threat actors and malicious tactics, techniques, and procedures across encrypted and unencrypted network traffic.
Encrypted Payload Analytics detects zero-day C2 servers and new variants of malware families based on patterns found in the session size, direction, and interarrival times.
Domain Generation Algorithm identifies dynamic domain generation technology used by malware to avoid detection.
Session Risk Analytics is a powerful logic engine that utilizes rules that send alerts based on session-based risk factors.
These five engines monitor east-west (internal) traffic and north-south (outgoing/incoming) traffic to detect and flag anomalies indicative of threat activity. Alerts generated by Sophos NDR include:
- Network scanning activity
- Unexpected SSH sessions to never-before accessed systems
- Suspected beaconing activity
- Suspected C2 connections
- Communication on non-standard ports
- Malware present in encrypted traffic
- Encoded PowerShell execution
- Abnormal volumes of data sent
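The Encrypted Payload Analytics description above (patterns in session size, direction and interarrival times) and the "suspected beaconing activity" alert both rest on one observation: malware check-ins recur at near-constant intervals with near-constant sizes, while human-driven traffic does not. The following is an added example of that heuristic over constructed flow records; it is not Sophos NDR code, and the thresholds, field layout and IP addresses are assumptions chosen for the illustration.

```python
"""Beaconing heuristic over flow metadata (timing and size only).

Added example, not Sophos NDR code. Works on encrypted traffic because it
never looks at payload content: only when sessions start and how big they
are, which is what the engine described above keys on.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample flows: (timestamp_s, src, dst, dst_port, bytes_out)
SAMPLE_FLOWS = [
    # 13 check-ins every 60 s (+/-1 s jitter) with a fixed 512-byte payload
    *[(1000 + 60 * i + (i % 2), "10.0.0.5", "203.0.113.9", 443, 512)
      for i in range(13)],
    # Ordinary browsing to one site: irregular timing, irregular sizes
    (1003, "10.0.0.7", "198.51.100.4", 443, 14200),
    (1041, "10.0.0.7", "198.51.100.4", 443, 2300),
    (1190, "10.0.0.7", "198.51.100.4", 443, 88000),
    (1205, "10.0.0.7", "198.51.100.4", 443, 900),
    (1620, "10.0.0.7", "198.51.100.4", 443, 41000),
    (1651, "10.0.0.7", "198.51.100.4", 443, 5100),
    (1700, "10.0.0.7", "198.51.100.4", 443, 760),
    (1990, "10.0.0.7", "198.51.100.4", 443, 23000),
    (2400, "10.0.0.7", "198.51.100.4", 443, 3100),
]


def find_beacons(flows, min_sessions=8, max_jitter=0.10, max_size_cv=0.25):
    """Return [(src, dst, port, mean_interval_s)] for client/destination
    pairs whose interarrival coefficient of variation is <= max_jitter and
    whose byte-size coefficient of variation is <= max_size_cv.

    Thresholds are assumptions for this example; tune them per network.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, port, nbytes in flows:
        by_pair[(src, dst, port)].append((ts, nbytes))

    hits = []
    for (src, dst, port), sessions in by_pair.items():
        if len(sessions) < min_sessions:      # too few samples to judge
            continue
        sessions.sort()
        gaps = [b[0] - a[0] for a, b in zip(sessions, sessions[1:])]
        sizes = [n for _, n in sessions]
        if mean(gaps) == 0:                    # all in one instant: not a beacon
            continue
        gap_cv = pstdev(gaps) / mean(gaps)
        size_cv = pstdev(sizes) / mean(sizes) if mean(sizes) else 0.0
        if gap_cv <= max_jitter and size_cv <= max_size_cv:
            hits.append((src, dst, port, round(mean(gaps), 1)))
    return hits


if __name__ == "__main__":
    for src, dst, port, interval in find_beacons(SAMPLE_FLOWS):
        print(f"suspected beacon: {src} -> {dst}:{port} every ~{interval}s")
```

The browsing pair has enough sessions to be evaluated but is rejected on jitter alone; lowering `max_jitter` to zero also rejects the constructed beacon, which is why real detectors tolerate the small randomised delays many implants add.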
Leveraging Sophos NDR telemetry to stop advanced threats
Network security telemetry is a powerful threat hunting resource on its own, and especially useful when combined with signals from across the full security ecosystem.
Sophos MDR leverages alerts from Sophos and third-party network, endpoint, firewall, email, identity, and cloud solutions to accelerate threat detection and response.
Alerts are processed through the Sophos MDR Detection Pipeline where they are transformed into a normalized schema, mapped to the MITRE ATT&CK® framework, and enriched with third-party intelligence. Related alerts are grouped in clusters which are then prioritized and escalated to detection specialists for investigation and response.
Let me walk you through a couple of example scenarios where Sophos MDR leverages telemetry from Sophos NDR in conjunction with insights from other technologies.
Scenario 1
- Email solution detects a message containing a malicious attachment
- Endpoint protection detects a suspicious file download
- Endpoint protection detects that an unknown process launched an interactive shell
- Sophos NDR detects a suspected Command and Control (C2) connection
- Endpoint protection detects suspected credential harvesting
- Sophos NDR detects suspected lateral movement using SSH
By correlating the email, endpoint, and NDR alerts, Sophos MDR can quickly ascertain that there has likely been a successful phishing attack that has resulted in credential theft and lateral movement. Armed with this insight, we can step in to swiftly contain, neutralize, and remediate the attack, minimizing impact.
Scenario 2
- Sophos NDR detects a device communicating on the internal network
- Endpoint protection has no known device under management
Combining data points from these two separate technologies enables us to identify that there is an unmanaged device communicating on the network. At this point, we investigate further to determine whether it’s the result of an internal user policy violation or an adversary-managed system, and then take appropriate action.
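The pipeline steps described above (normalise to one schema, map to ATT&CK, cluster related alerts, escalate) and both scenarios can be shown together in a small correlation routine. This is an added example, not the Sophos MDR pipeline or its schema; the raw alert shapes, hostnames, tactic mapping and escalation thresholds are all constructed for the illustration.

```python
"""Cross-source alert correlation over constructed email, endpoint and NDR
alerts. Added example, not Sophos MDR code. Each source reports in its own
shape; alerts are normalised, tagged with an ATT&CK tactic, clustered per
host inside a time window, and triaged by how many independent sources and
tactics agree."""
from collections import defaultdict

# Constructed raw alerts, each in its source's own field layout
RAW_ALERTS = [
    {"src": "email",    "ts": 100, "rcpt_host": "ws-17", "event": "malicious_attachment"},
    {"src": "endpoint", "ts": 160, "hostname": "ws-17",  "detection": "suspicious_download"},
    {"src": "endpoint", "ts": 200, "hostname": "ws-17",  "detection": "interactive_shell_unknown_parent"},
    {"src": "ndr",      "ts": 260, "client": "ws-17",    "alert": "suspected_c2"},
    {"src": "endpoint", "ts": 300, "hostname": "ws-17",  "detection": "credential_harvesting"},
    {"src": "ndr",      "ts": 340, "client": "ws-17",    "alert": "lateral_ssh_new_target"},
    {"src": "endpoint", "ts": 900, "hostname": "ws-22",  "detection": "suspicious_download"},
    {"src": "ndr",      "ts": 950, "client": "10.0.9.44", "alert": "internal_chatter"},
]

# Event name -> ATT&CK tactic; illustrative mapping chosen for this example
TACTIC = {
    "malicious_attachment": "Initial Access",
    "suspicious_download": "Execution",
    "interactive_shell_unknown_parent": "Execution",
    "suspected_c2": "Command and Control",
    "credential_harvesting": "Credential Access",
    "lateral_ssh_new_target": "Lateral Movement",
    "internal_chatter": "Discovery",
}

# Constructed endpoint inventory; a host absent here has no agent
MANAGED_HOSTS = {"ws-17", "ws-22"}


def normalise(raw):
    """Map a source-specific alert onto one common schema."""
    host = raw.get("rcpt_host") or raw.get("hostname") or raw.get("client")
    event = raw.get("event") or raw.get("detection") or raw.get("alert")
    return {"ts": raw["ts"], "src": raw["src"], "host": host,
            "event": event, "tactic": TACTIC.get(event, "Unknown")}


def cluster(alerts, window=600):
    """Group normalised alerts by host; open a new cluster whenever the gap
    to the previous alert on that host exceeds `window` seconds."""
    by_host = defaultdict(list)
    for a in sorted(alerts, key=lambda a: a["ts"]):
        by_host[a["host"]].append(a)
    clusters = []
    for items in by_host.values():
        current = [items[0]]
        for a in items[1:]:
            if a["ts"] - current[-1]["ts"] > window:
                clusters.append(current)
                current = [a]
            else:
                current.append(a)
        clusters.append(current)
    return clusters


def triage(cluster_, min_sources=2, min_tactics=3):
    """Scenario 2: network activity from a host no agent knows about.
    Scenario 1: several sources and several tactics on one host."""
    sources = {a["src"] for a in cluster_}
    tactics = {a["tactic"] for a in cluster_}
    host = cluster_[0]["host"]
    if host not in MANAGED_HOSTS and "ndr" in sources:
        return "investigate-unmanaged-device"
    if len(sources) >= min_sources and len(tactics) >= min_tactics:
        return "escalate"
    return "monitor"


def run(raw_alerts=RAW_ALERTS):
    """Return [(host, verdict, alert_count)] for every cluster."""
    clusters = cluster([normalise(r) for r in raw_alerts])
    return [(c[0]["host"], triage(c), len(c)) for c in clusters]


if __name__ == "__main__":
    for host, verdict, n in run():
        print(f"{host:10} {n} alert(s) -> {verdict}")
```

The single endpoint alert on the second workstation stays at "monitor": one source and one tactic is not the corroboration the text describes, which is the property that keeps analysts from drowning in individual alerts.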
Already using an alternative NDR solution? No problem.
We understand that organizations already have security solutions in place. The challenge for many companies is how to manage, interpret, and respond to the information they provide. All too often, we speak with IT teams that are drowning in alerts or unable to digest the complex telemetry.
With the Sophos MDR add-on integration packs, our analysts can leverage telemetry from the third-party security tools you’re already using (including NDR solutions from Darktrace and Thinkst Canary) to detect and respond to advanced, human-led attacks. With our experts managing your security operations, you can elevate your defenses and increase return on your existing investments.
Learn more
To learn more about Sophos NDR and Sophos MDR and the superior cybersecurity outcomes our customers enjoy, arrange a call with one of our security experts today. Be sure to check out our NDR community channel as well.
If you’d like to hear what our customers have to say about Sophos MDR, take a look at the independent reviews on Gartner Peer Insights and check out why we’re the #1 rated MDR service by G2 Peer Reviews.
Source: Sophos
Ransomware and phishing are usually put in two separate categories when cyberattack methodologies are discussed. However, ransomware operators are increasingly leveraging phishing tactics to deploy their malicious payloads, and the potential for compromise is growing exponentially as a result.
Ransomware and Phishing – a match made in heaven
Phishing is the number one delivery vehicle for ransomware, states risk management firm Deloitte. Industry sources agree, and phishing was identified as the primary vehicle for ransomware in Coveware’s Q4 2020 Quarterly Ransomware Report. It beat out RDP (Remote Desktop Protocol) as the top initial attack vector, once the remote work avalanche of 2020 died down, and has since moved up as the fastest way to get malicious code in front of an organization.
In a recent survey, it was revealed that a staggering 78% of organizations experienced one or more ransomware attacks in 2021, 68% of which stated that the attack originated from a direct email payload, second-stage malware delivery, or similar cause. And, IBM’s Cyber Resilient Organization Study noted the top three causes of ransomware that year as social media (19%), malicious websites (22%), and phishing (45%).
The logic? Phishing emails are easy to send and lure the unsuspecting victim in with minimal awareness of an attack. As the carefully crafted instrument of a social engineering scheme, the emails are customized to specific targets and appear to be from legitimate, even familiar, senders. Faced with unmanageable email volumes, even many once-careful users fail to scrutinize incoming mail and miss the small changes that would otherwise be suspicious red flags. Once the victim opens an email from their “bank” or “internet service provider” and confirms a few account details – or even just clicks through to the malicious fake site – the payload detonates and the work of stealing and/or encrypting sensitive data begins. Once this work is completed, users are locked out and a ransom note appears.
Phishing on Social Media
While most commonly delivered by email, phishing attacks are not confined to inboxes. One of the rising vectors, as noted by the IBM study, is social media. Collaboration tools like Teams and Slack are prime grooming places for establishing trust and exploiting “coworkers”. Online spaces like LinkedIn are particularly conducive to attacks; as platforms built for connecting with strangers, they encourage direct messages, which often contain links related to shared professional interests. Many of those links are credible – some are not. Unfortunately, with ransomware one click is all it takes.
Ransomware operators also glean the personal information shared on social networking sites to craft a more custom-built attack. The authenticity and believability of many of the messages – “Hey Don, it was great talking to you at DEF CON. Here’s that link I was telling you about” – can fool even the most savvy. And, as Deloitte states, “many users are simply not sufficiently skeptical when it comes to receiving requests to do things like transfer funds, open attachments, or provide sensitive information.”
Unfortunately, users don’t even have to engage to be at risk. A ransomware tool discovered in 2016 scraped the social media accounts of its victims to create personalized campaigns, ironically threatening to see its users in court if the ransom was not paid. Security researchers similarly noted Facebook-centered ransomware activity, allowing attackers to embed malicious code into uploaded image files which a misconfiguration then forced users to download.
AI-Powered Ransomware
The one saving grace is that customizing ransomware phishing attacks is time-consuming work. It requires human effort and insight and is difficult to scale. However, artificial intelligence could soon close that gap and make even this automatable. “We have already seen [ransomware groups] hire pen testers to break into networks to figure out how to deploy ransomware. The next step will be that they will start hiring ML and AI experts to automate their malware campaigns,” said cybersecurity expert Mikko Hyppönen. Mark Driver, a research vice president at Gartner, says this could mean an even greater acceleration of attacks. “It’s not worth their effort if it takes them hours and hours to do it manually,” he explains. “But if they can automate it, absolutely.” The bottom line? “It’s terrifying.”
The danger is not only AI-powered ransomware models, but AI-driven deepfakes that can impersonate legitimate sources and make phishing attempts that much more convincing. Reported cases of face- and voice-altering AI technology increased by 13% last year, and 66% of surveyed cybersecurity professionals reported seeing one in the past twelve months. Deepfakes in cyberattacks aren’t coming, they’re already here.
Prevent Phishing Attacks and Ransomware
One industry report noted that the number of ransomware attacks doubled year-over-year in 2021, and we are reminded that nearly 80% of organizations experienced at least one attack. This makes for very dire predictions. However, the best defense is a good offense and several offensive strategies exist for mitigating ransomware attacks.
Criminals aren’t the only ones who can hire pen testers. Probing your environment for weak spots is one of the best ways to stress-test it before attackers can take advantage of vulnerabilities. Given that 82% of breaches are attributable to the “human element” – a healthy portion of error included – it’s next to inevitable that, despite an organization’s best efforts, a phishing attempt will succeed at some point. When it does, malware will infiltrate the network looking for systems to exploit and data to exfiltrate. Red teaming, attack simulation, and black box fuzzing allow your team to see what’s possible for attackers before they do.
Email security and anti-phishing measures need to be combined with an offensive security strategy for the best defense-in-depth approach. Together, they focus on preventing ransomware payloads from detonating and harming your network.
Source: Fortra